slippageToleranceBps is same for every token, leading to high slippage even when market conditions are favourable
Vulnerability Details
BaseAdapter::slippageToleranceBps is same for every token. This is used in calculating amountOutMin inside BaseAdapter::calculateAmountOutMin when executing swap in UniswapV2Adapter/UniswapV3Adapter/CurveAdapter.
Lets say current slippageToleranceBps is 100(which is also the Constants::MIN_SLIPPAGE_BPS)
and we want to swap 10K of USDC for 0.1 WBTC on uniswap v2(assuming market is stable right now).
Given the small amount and normal market conditions, swap could have been easily executed at 50BPS but we had high slippage and we paid 50$ more(0.5% of 10K).
Another situation can be where we are swapping in a highly volatile market, where current slippageToleranceBps is not enough and swap always fails.
Impact
Swaps are done in multiple places like:
CreditDelegationBranch::rebalanceVaultsAssetsCreditDelegationBranch::convertMarketsCreditDepositsToUsdcFeeDistributionBranch::convertAccumulatedFeesToWeth
If current slippage is higher than the ideal one for the concerned pair of tokens, then protocol will pay more than what it needs to and if current slippage is lower than the required, the swap will revert breaking the functionality of these functions.
Tools Used
Manual Review
Recommendation
slippage should be set on per collateral basis, considering liquidity and stability of the market.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.