Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Unrestricted Swap Paths in Keeper Functions

Summary:

All multi-hop or single-hop routes are effectively controlled by the keeper-provided path. If the keeper provides a path that includes malicious token pairs or artificially inflated pools, the protocol can again suffer from poor fill prices or re-route tokens to unintended addresses.

Vulnerability Details:

Affected Components:

  • MarketMakingEngine._convertAssetsToUsdc(...)

  • FeeDistributionBranch._performMultiDexSwap(...)

Key Issue:
Allowing keepers to supply arbitrary swap paths exposes the system to routing through malicious token pairs or manipulated liquidity pools. This flexibility can result in disproportionately high slippage or misdirected token flows.

Impact:

Price Manipulation: Attackers can manipulate swap paths to force trades at highly adverse prices.

Token Diversion: Malicious paths might redirect tokens to attacker-controlled addresses.

Tools Used:

Manual code review
Slither
Mythril

Recommendations:

  • Maintain an allowlist of safe DEX Adapters and/or token pairs.

  • Validate the path to ensure it only references known-good tokens and DEX pools.

  • Alternatively, expose a governance-managed “approved swap routes” map that keepers must use.
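
A sketch of the governance-managed "approved swap routes" map from the last recommendation, added here as an example and not taken from the Zaros code base or from the submission. The contract name, function names, the single governance address and the uint128 adapter-id type are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration. All names are hypothetical, not taken from the Zaros code base.
contract ApprovedSwapRoutes {
    address public immutable governance; // assumption: one governance address
    address public immutable usdc;       // every approved route must end in USDC

    // Route id => approved by governance.
    mapping(bytes32 => bool) public isApproved;

    error NotGovernance();
    error MalformedRoute();
    error RouteNotApproved(bytes32 id);

    event RouteSet(bytes32 indexed id, bool approved);

    constructor(address governance_, address usdc_) {
        governance = governance_;
        usdc = usdc_;
    }

    /// The route id covers the ordered tokens AND the adapter used for each hop.
    /// abi.encode (not encodePacked) keeps the two dynamic arrays unambiguous.
    function computeRouteId(address[] memory tokens, uint128[] memory dexAdapterIds)
        public view returns (bytes32)
    {
        // One adapter per hop, at least one hop, and the output must be USDC.
        if (tokens.length < 2 || dexAdapterIds.length != tokens.length - 1) revert MalformedRoute();
        if (tokens[tokens.length - 1] != usdc) revert MalformedRoute();
        return keccak256(abi.encode(tokens, dexAdapterIds));
    }

    function setRoute(address[] calldata tokens, uint128[] calldata dexAdapterIds, bool approved) external {
        if (msg.sender != governance) revert NotGovernance();
        bytes32 id = computeRouteId(tokens, dexAdapterIds);
        isApproved[id] = approved;
        emit RouteSet(id, approved);
    }

    /// Call at the top of any keeper-facing swap function, before tokens move.
    function requireApproved(address[] calldata tokens, uint128[] calldata dexAdapterIds) external view {
        bytes32 id = computeRouteId(tokens, dexAdapterIds);
        if (!isApproved[id]) revert RouteNotApproved(id);
    }
}
```

Hashing the whole ordered route, not each token on its own, means a keeper cannot combine individually approved tokens into a hop sequence that governance never reviewed.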

Updates

Lead Judging Commences

inallhonesty Lead Judge
6 months ago
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
