The `convertAccumulatedFeesToWeth` function performs swaps without slippage protection, making it vulnerable to front-running attacks and significant financial losses. This issue is critical because Zaros relies on efficient fee conversion to maximize LP yields.
The function calls `_convertAssetsToUsdc` and `_convertUsdcToAssets` without validating the output amount against a minimum expected value.
Attackers can exploit this by observing pending transactions and manipulating the price of assets during the swap.
For example:

1. A user initiates a swap for 1 ETH to USDC expecting at least 1,800 USDC based on current market prices.
2. A malicious actor executes a trade that temporarily drives down the price of ETH/USDC.
3. The user's transaction executes at the manipulated price, resulting in significantly fewer USDC than expected.
- Suboptimal trades caused by slippage or front-running could lead to significant financial losses for the protocol and its users.
- Zaros aims to maximize LPs' yield generation. Inefficient fee conversion directly harms this goal.
- Repeated slippage issues would reduce user trust in the platform.
**High**: This vulnerability poses a direct financial risk to the protocol and its users, undermining Zaros's core functionality of maximizing LP yields.

**Foundry**: Simulated swap transactions under various market conditions to identify slippage vulnerabilities.
**Slither**: Static analysis identified missing slippage checks in the affected functions.
**Echidna**: Property-based fuzzing tested whether swap outputs could fall below expected thresholds.
**Mithril Security**: Conducted advanced threat modeling to analyze potential front-running vectors.
**Add Slippage Tolerance Parameter**: Introduce a `minAmountOut` parameter to validate the output amount of the swap:

```solidity
require(amountOut >= minAmountOut, "Slippage too high");
```
**Dynamic Slippage Calculation**: Allow users to specify a slippage percentage (e.g., 1%) that dynamically calculates the minimum acceptable output based on current market prices.

**Integrate Oracle Price Feeds**: Use decentralized oracle services (e.g., Chainlink) to validate swap prices against trusted off-chain data.
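The following Solidity contract is an added illustration of the three recommendations together; it is not Zaros's code and not part of the original finding. The `ISwapRouter`, `IPriceOracle` and `IERC20` interfaces, the function names, and the assumption that `tokenIn` has 18 decimals (as WETH does) are all hypothetical stand-ins. It shows a caller-supplied `minAmountOut` floor, a floor derived dynamically from an oracle price and a basis-point tolerance, and a revert when the router returns less than that floor.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// All interfaces and names below are hypothetical stand-ins, not Zaros's own code.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical swap router: pulls `amountIn` of tokenIn (pre-approved) and returns the output amount.
interface ISwapRouter {
    function swapExactInput(address tokenIn, address tokenOut, uint256 amountIn, address recipient)
        external
        returns (uint256 amountOut);
}

// Hypothetical oracle: expected tokenOut units (in tokenOut's smallest unit) per 1e18 base units of tokenIn.
interface IPriceOracle {
    function expectedOutPerUnit(address tokenIn, address tokenOut) external view returns (uint256);
}

contract SlippageGuardedSwapper {
    uint256 public constant BPS = 10_000;
    uint256 public constant UNIT = 1e18; // assumes tokenIn has 18 decimals (e.g. WETH)

    ISwapRouter public immutable router;
    IPriceOracle public immutable oracle;
    uint256 public immutable maxSlippageBps; // 100 = 1% tolerance

    error SlippageTooHigh(uint256 amountOut, uint256 minAmountOut);
    error InvalidSlippage(uint256 bps);

    constructor(ISwapRouter _router, IPriceOracle _oracle, uint256 _maxSlippageBps) {
        if (_maxSlippageBps > BPS) revert InvalidSlippage(_maxSlippageBps);
        router = _router;
        oracle = _oracle;
        maxSlippageBps = _maxSlippageBps;
    }

    /// @notice Dynamic floor: oracle-implied output minus the configured tolerance.
    /// Worked case: amountIn = 1e18 (1 ETH), oracle reports 1800e6 USDC per ETH, tolerance 1%
    /// -> expectedOut = 1800e6, floor = 1800e6 * 9900 / 10000 = 1782e6 (1,782 USDC).
    function quoteMinAmountOut(address tokenIn, address tokenOut, uint256 amountIn)
        public
        view
        returns (uint256)
    {
        uint256 expectedOut = amountIn * oracle.expectedOutPerUnit(tokenIn, tokenOut) / UNIT;
        return expectedOut * (BPS - maxSlippageBps) / BPS;
    }

    /// @notice Swap with an explicit caller-supplied floor; reverts if the router returns less.
    function swapWithMinOut(address tokenIn, address tokenOut, uint256 amountIn, uint256 minAmountOut)
        public
        returns (uint256 amountOut)
    {
        require(minAmountOut > 0, "minAmountOut must be set"); // a zero floor would disable the protection
        IERC20(tokenIn).approve(address(router), amountIn);
        amountOut = router.swapExactInput(tokenIn, tokenOut, amountIn, address(this));
        if (amountOut < minAmountOut) revert SlippageTooHigh(amountOut, minAmountOut);
    }

    /// @notice Swap whose floor comes from the oracle, so the caller cannot omit or zero it.
    function swapWithOracleFloor(address tokenIn, address tokenOut, uint256 amountIn)
        external
        returns (uint256)
    {
        uint256 minOut = quoteMinAmountOut(tokenIn, tokenOut, amountIn);
        return swapWithMinOut(tokenIn, tokenOut, amountIn, minOut);
    }
}
```

With the oracle-derived floor, a sandwiching trader can move the execution price by at most `maxSlippageBps` of the trade before the swap reverts, which bounds the loss per fee conversion. The floor is only as good as the oracle: a stale or manipulable price feed would set it too low, so the feed's freshness and source should be checked as part of the same fix.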