Lack of Slippage Protection in TSwapPool::swapExactOutput May Result in Users Receiving Significantly Fewer Tokens
Summary
The swapExactOutput function lacks slippage protection. Unlike the swapExactInput function, which specifies a minOutputAmount, the swapExactOutput function should specify a maxInputAmount to safeguard users against unfavorable price movements during transaction processing.
Vulnerability Details
Assume the current price of 1 WETH is 1,000 USDC.
A user initiates a swapExactOutput to obtain 1 WETH with the following parameters:
inputToken: USDC
outputToken: WETH
outputAmount: 1 WETH
deadline: A future timestamp
The function does not specify a maxInputAmount.
While the transaction is pending in the mempool, the market conditions change drastically, and the price of 1 WETH increases to 10,000 USDC.
The transaction executes, and the user ends up spending 10,000 USDC instead of the anticipated 1,000 USDC.
Impact
Users could suffer substantial losses if market conditions shift unfavourably before the transaction completes, resulting in a much worse exchange rate than anticipated.
Tools Used
Manual Review
Recommendations
Implement a maxInputAmount parameter in the swapExactOutput function to limit the amount of tokens the user can spend, allowing them to predict and cap their transaction.
Appeal created
Lack of slippage protection in `TSwapPool::swapExactOutput` causes users to potentially receive way fewer tokens
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.