Summary:
The Dex adapters (CurveAdapter, UniswapV2Adapter, UniswapV3Adapter) lack proper validation of the minimum output amount received from swaps, making them vulnerable to slippage attacks and potential fund loss.
Vulnerability Details:
In the CurveAdapter.sol, UniswapV2Adapter.sol, and UniswapV3Adapter.sol files, the swap functions accept a minAmountOut parameter but fail to enforce it after executing the swap. For example, in UniswapV2Adapter.sol, the code performs the swap via uniswapRouter.swapExactTokensForTokens but does not verify if the received amountOut meets the minAmountOut requirement. This allows malicious keepers or users to front-run swaps, manipulate prices, and execute trades with excessive slippage, resulting in significant losses for users.
Similar issues exist in CurveAdapter.sol and UniswapV3Adapter.sol.
Impact:
Attackers can exploit this to drain funds from users or the protocol by forcing swaps with minimal output. This vulnerability directly compromises the integrity of market-making operations and user trust.
Recommendations:
Add explicit checks after the swap to ensure amountOut >= minAmountOut. For example:
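One way to write this check for the Uniswap V2 case, as an added example that is not the project's own code: the contract name, the swap() signature, the deadline parameter and the InsufficientOutput error are assumptions; only uniswapRouter.swapExactTokensForTokens, amountOut and minAmountOut come from the finding. It measures the recipient's balance change, so the check applies to what was actually delivered.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces declared inline so the example compiles on its own.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IUniswapV2Router02 {
    function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin, address[] calldata path, address to, uint256 deadline)
        external returns (uint256[] memory amounts);
}

// Hypothetical adapter: contract name, swap() signature and error are assumptions.
// Assumes tokens that return bool from approve/transferFrom.
contract UniswapV2AdapterExample {
    IUniswapV2Router02 public immutable uniswapRouter;

    error InsufficientOutput(uint256 amountOut, uint256 minAmountOut);

    constructor(IUniswapV2Router02 router) {
        uniswapRouter = router;
    }

    function swap(address tokenIn, address tokenOut, uint256 amountIn, uint256 minAmountOut, uint256 deadline)
        external
        returns (uint256 amountOut)
    {
        // A zero bound would make the post-swap check vacuous.
        require(minAmountOut > 0, "minAmountOut is zero");
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(IERC20(tokenIn).approve(address(uniswapRouter), amountIn), "approve failed");

        address[] memory path = new address[](2);
        path[0] = tokenIn;
        path[1] = tokenOut;

        // Measure what the recipient actually received rather than trusting a return value.
        uint256 balanceBefore = IERC20(tokenOut).balanceOf(msg.sender);
        // Pass the caller's bound to the router as well, so a bad price reverts inside the swap.
        uniswapRouter.swapExactTokensForTokens(amountIn, minAmountOut, path, msg.sender, deadline);
        amountOut = IERC20(tokenOut).balanceOf(msg.sender) - balanceBefore;

        // The explicit post-swap check the recommendation asks for.
        if (amountOut < minAmountOut) revert InsufficientOutput(amountOut, minAmountOut);
    }
}
```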