Insufficient validation of swap routes may result in the manipulation of swap operations.
Title
Insufficient validation of swap routes may result in the manipulation of swap operations.
Summary
StrategyMainnet contract is capable of storing swap routes without adequate validation, which opens the possibility for malicious routes to be introduced. This could disrupt legitimate swap operations and prevent swaps from being executed at premium rates.
Vulnerability Details
Here's how a new route can be added via addRoute function of StrategyMainnet contract:
As seen above, there's no proper validation of routes including intermidate tokens and path length and so on.
Missing validation in swap routes can lead to issues like manipulated paths, malicious tokens, or failed transactions. Even trusted keepers can make mistakes, causing permanent fund loss. The contracts don’t verify token addresses, proper path connections, or reasonable route lengths.
Impact
Insufficient validation in swap routes or misconfigured parameters can cause failed swaps, incorrect routes, manipulation, or even irreversible token loss.
Tools Used
Manual Review
Recommendations
To mitigate risks, consider implementing a whiteliste for intermediary tokens and enforcing a maximum path length. Also, monitor any validation failures for better tracking and transparency.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.