The _swapUnderlyingToAsset function executes a token swap without verifying if the swap rate is favorable compared to the expected price, leaving the contract exposed to potential loss from unfavorable swap rates.
The function requires that the minOut parameter exceeds the amount being swapped (_amount), but there is no check to ensure the swap occurs at an acceptable price. The contract lacks a mechanism to confirm that the swap is executed at a reasonable rate relative to the expected price, which could lead to the strategy swapping tokens at a poor rate.
Price Manipulation Risk: The swap could occur at an unfavorable price due to market fluctuations.
Lack of Slippage Protection: While minOut limits the minimum acceptable amount of output, it doesn't protect against significant price changes during the swap.
Unfavorable Execution: The contract may execute swaps at a loss if the rate is not verified beforehand.
Manual Code Review
Implement a Price Check: Integrate a price validation mechanism using an oracle or reliable pricing source to confirm that the swap occurs at a favorable rate before execution.
Enhance Slippage Protection: Introduce dynamic slippage control to prevent trades from being executed under unfavorable market conditions.
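One way to implement the recommended price check, as an added example that is not the audited contract's code: it derives a floor for minOut from an oracle price and a slippage tolerance instead of only comparing minOut to _amount. IPriceOracle, OracleBoundedSwap and their parameters are hypothetical, and both tokens are assumed to use 18 decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical oracle interface (assumption): price of 1 whole underlying
// token in asset units, scaled by 1e18, plus the time of the last update.
interface IPriceOracle {
    function latestPrice() external view returns (uint256 price, uint256 updatedAt);
}

// Added example: bounds the caller-supplied minOut by an oracle-derived floor.
abstract contract OracleBoundedSwap {
    uint256 internal constant BPS = 10_000;
    uint256 internal constant PRICE_SCALE = 1e18;

    IPriceOracle public immutable oracle;    // assumption: trusted price source
    uint256 public immutable maxSlippageBps; // e.g. 50 = 0.5%
    uint256 public immutable maxPriceAge;    // seconds before a price is stale

    constructor(IPriceOracle _oracle, uint256 _maxSlippageBps, uint256 _maxPriceAge) {
        require(_maxSlippageBps < BPS, "slippage too high");
        oracle = _oracle;
        maxSlippageBps = _maxSlippageBps;
        maxPriceAge = _maxPriceAge;
    }

    // Smallest output the oracle price allows for _amount of underlying.
    function _oracleMinOut(uint256 _amount) internal view returns (uint256) {
        (uint256 price, uint256 updatedAt) = oracle.latestPrice();
        require(price > 0, "bad oracle price");
        // Reject stale prices; a future-dated updatedAt reverts on underflow.
        require(block.timestamp - updatedAt <= maxPriceAge, "stale oracle price");
        uint256 expectedOut = (_amount * price) / PRICE_SCALE;
        return (expectedOut * (BPS - maxSlippageBps)) / BPS;
    }

    // Call before the router swap: reverts if minOut would permit
    // execution below the oracle-derived floor.
    function _checkMinOut(uint256 _amount, uint256 _minOut) internal view {
        require(_minOut >= _oracleMinOut(_amount), "minOut below oracle floor");
    }
}
```

A strategy inheriting this contract would call _checkMinOut(_amount, minOut) at the top of its swap function, so a minOut that merely exceeds _amount is rejected when the oracle price implies a higher expected output.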