Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Events for executeSwapExactInput::DexSwapStrategy

heim

Summary

The executeSwapExactInput function in DexSwapStrategy.sol performs multi-token swaps without emitting events, making it impossible to track these operations through blockchain logs.

Vulnerability Details

The function executes swaps without event emission:

function executeSwapExactInput(
Data storage self,
SwapExactInputPayload memory swapCallData
)
internal
returns (uint256 amountOut)
{
IDexAdapter dexAdapter = IDexAdapter(self.dexAdapter);
return dexAdapter.executeSwapExactInput(swapCallData);
}

Impact

  • No on-chain tracking of multi-token swap executions

  • Reduced transparency for complex swap operations

  • Difficulty in monitoring DEX adapter interactions

  • Limited ability to track swap paths and results

  • Challenges in debugging multi-token swap issues

The function:

  • Takes a SwapExactInputPayload containing swap path

  • Executes multi-token swap via dexAdapter

  • Returns final amount without logging any steps

Tools Used

Manual review

Recommendations

event SwapExactInputExecuted(
address dexAdapter,
uint256 amountIn,
uint256 amountOut,
bytes path
);
function executeSwapExactInput(
Data storage self,
SwapExactInputPayload memory swapCallData
)
internal
returns (uint256 amountOut)
{
IDexAdapter dexAdapter = IDexAdapter(self.dexAdapter);
amountOut = dexAdapter.executeSwapExactInput(swapCallData);
emit SwapExactInputExecuted(
self.dexAdapter,
swapCallData.amountIn,
amountOut,
swapCallData.path
);
return amountOut;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.