Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Missing Slippage Protection in USDz Swaps

Summary

The USDz redemption mechanism lacks minimum output parameters, exposing users to MEV risks.

Vulnerability Details

    // In USDzSwapper.sol
    function swapUsdzToCollateral(uint256 amount) public {
        // No minimum output parameter
        uint256 collateralAmount = calculateCollateralAmount(amount);
        collateral.transfer(msg.sender, collateralAmount);
    }

Impact

  • Users might receive significantly less collateral than expected

  • Front-running opportunities for MEV bots

Tools Used

  • Manual review

  • Foundry (simulation)

Recommendations

    function swapUsdzToCollateral(uint256 amount, uint256 minOutput) public {
        uint256 collateralAmount = calculateCollateralAmount(amount);
        require(collateralAmount >= minOutput, "Slippage exceeded");
        collateral.transfer(msg.sender, collateralAmount);
    }
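
Added example, not part of the original submission or of the Zaros code base: a Python model of the caller side that the recommendation leaves open, deriving minOutput from a quote and a tolerance in basis points, then applying the recommended check at execution. The pricing formula, the function names and the sample prices are assumptions constructed for illustration.

```python
# Added illustration; names and the pricing formula are assumptions, not Zaros code.
WAD = 10**18          # 18-decimal fixed point, as commonly used in Solidity
BPS = 10_000          # basis-point denominator


class SlippageExceeded(Exception):
    """Stands in for the revert raised by require(collateralAmount >= minOutput)."""


def calculate_collateral_amount(usdz_amount: int, collateral_price: int) -> int:
    # Assumed formula: USDz is valued at 1 USD and collateral_price is USD per
    # unit of collateral in WAD. Integer division floors, like Solidity.
    return usdz_amount * WAD // collateral_price


def min_output_for(quoted_amount: int, tolerance_bps: int) -> int:
    # Caller-side bound: accept at most tolerance_bps less than the quote.
    if not 0 <= tolerance_bps <= BPS:
        raise ValueError("tolerance_bps must be within 0..10000")
    return quoted_amount * (BPS - tolerance_bps) // BPS


def swap_usdz_to_collateral(usdz_amount: int, min_output: int, price_at_execution: int) -> int:
    # Mirrors the recommended function: compute, check the bound, then pay out.
    collateral_amount = calculate_collateral_amount(usdz_amount, price_at_execution)
    if collateral_amount < min_output:
        raise SlippageExceeded(f"{collateral_amount} < {min_output}")
    return collateral_amount


def demo():
    amount = 1_000 * WAD                    # constructed: 1,000 USDz
    quote_price = 2_000 * WAD               # constructed: price when the user signs
    quoted = calculate_collateral_amount(amount, quote_price)
    bound = min_output_for(quoted, 50)      # 0.5% tolerance
    results = {}
    # Constructed execution prices: unchanged, inside tolerance, outside tolerance.
    for label, price in (("unchanged", 2_000 * WAD), ("+0.3%", 2_006 * WAD), ("+2%", 2_040 * WAD)):
        try:
            results[label] = swap_usdz_to_collateral(amount, bound, price)
        except SlippageExceeded:
            results[label] = "reverted"
    return quoted, bound, results


if __name__ == "__main__":
    print(demo())
```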

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
