TSwapPool::sellPoolTokens mismatches input and output tokens causing users to receive the incorrect amount of tokens
Summary
The TSwapPool::sellPoolTokens function incorrectly swaps pool tokens for WETH, resulting in users receiving an incorrect amount of tokens. This issue arises because the function calls swapExactOutput instead of swapExactInput, leading to a mismatch in the token amounts swapped.
Vulnerability Details
The sellPoolTokens function is designed for users to sell a specified amount of pool tokens and receive WETH in return. Users indicate the amount of pool tokens to sell via the poolTokenAmount parameter. However, the function currently calls swapExactOutput instead of swapExactInput. Since users specify the exact amount of input tokens (pool tokens), the function should be calling swapExactInput to correctly calculate the WETH amount received.
Current implementation:
Impact
Users will receive an incorrect amount of WETH when selling their pool tokens, disrupting the protocol's functionality and causing potential financial loss.
Tools Used
Manual code review
Recommendations
Appeal created
`sellPoolTokens` mismatches input and output tokens causing users to receive the incorrect amount of tokens
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.