Zaros Part 2
Perpetuals DEX, Foundry, Solidity
70,000 USDC

Submission Details
Severity: medium
Status: Invalid

Users' tokens may be burned in a forced swap execution under manipulated conditions

When a swap request expires without being fulfilled, the refundSwap() function is called to return the user's deposited USD tokens minus the base fee. However, in fulfillSwap(), if the request is processed before it expires but under unfair conditions (such as an unfavorable price manipulated by a keeper), the USD tokens are burned without the user having an option to cancel or adjust their swap. This happens in the following code snippet:

```solidity
// Burn usd amount from address(this)
ctx.usdToken.burn(ctx.amountIn);
```

The issue arises because users cannot proactively cancel their swap before fulfillment, and they are entirely dependent on the keepers (who may have conflicting incentives). If a swap is about to expire and no keeper fulfills it in time, the user might prefer a refund instead of being forced into a bad trade. However, since fulfillment occurs at the keeper’s discretion and the USD tokens are burned immediately, users lose the ability to reclaim their funds.

Impact:

Users lose control over their funds as their USD tokens may be burned in a forced swap execution under manipulated conditions, even if they would have preferred to receive a refund instead.

Mitigation:

Allow users to cancel their swap requests manually before fulfillment if they are unhappy with market conditions, preventing forced execution.
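As an added illustration of the mitigation proposed above (this is example code written for this write-up, not Zaros's contract and not the submitter's code), the following hypothetical Solidity contract sketches a request/cancel/fulfil/refund flow in which the requester can withdraw a pending request at any time before a keeper fulfils it. The contract name, the `IUsdToken` interface, the flat `baseFee`, and the user-chosen `minAmountOut` slippage floor (which this submission does not mention) are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface assumed for this illustration (not the project's token contract).
interface IUsdToken {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function burn(uint256 amount) external;
}

/// @notice Hypothetical swap-request escrow with a user-initiated cancel path.
///         Example for this write-up; not the project's code.
contract CancellableSwapRequests {
    enum Status { None, Pending, Fulfilled, Refunded, Cancelled }

    struct Request {
        address requester;
        uint256 amountIn;     // USD tokens held in escrow by this contract
        uint256 minAmountOut; // slippage floor chosen by the user at request time (assumed field)
        uint256 deadline;     // timestamp after which refundSwap() is allowed
        Status status;
    }

    IUsdToken public immutable usdToken;
    address public immutable keeper;
    uint256 public immutable baseFee; // flat fee retained on refund or cancel (assumed)
    uint256 public nextId;
    mapping(uint256 => Request) public requests;

    event SwapCancelled(uint256 indexed id, uint256 returned);

    constructor(IUsdToken _usdToken, address _keeper, uint256 _baseFee) {
        usdToken = _usdToken;
        keeper = _keeper;
        baseFee = _baseFee;
    }

    /// @notice User deposits USD tokens and records the worst fill they will accept.
    function requestSwap(uint256 amountIn, uint256 minAmountOut, uint256 ttl)
        external
        returns (uint256 id)
    {
        require(amountIn > baseFee, "amount must cover base fee");
        require(usdToken.transferFrom(msg.sender, address(this), amountIn), "transfer failed");
        id = nextId++;
        requests[id] = Request(msg.sender, amountIn, minAmountOut, block.timestamp + ttl, Status.Pending);
    }

    /// @notice The mitigation suggested above: the requester can withdraw a pending
    ///         request before a keeper fulfils it, paying only the base fee.
    function cancelSwap(uint256 id) external {
        Request storage r = requests[id];
        require(r.status == Status.Pending, "not pending");
        require(msg.sender == r.requester, "not requester");
        r.status = Status.Cancelled; // effects before interactions
        uint256 returned = r.amountIn - baseFee;
        require(usdToken.transfer(r.requester, returned), "transfer failed");
        emit SwapCancelled(id, returned);
    }

    /// @notice Keeper-only fulfilment. `amountOut` is what the keeper's price source
    ///         produced; the user's minAmountOut bounds how bad a fill can be.
    ///         The escrowed USD is burned only after both checks pass.
    function fulfillSwap(uint256 id, uint256 amountOut) external {
        require(msg.sender == keeper, "not keeper");
        Request storage r = requests[id];
        require(r.status == Status.Pending, "not pending");
        require(block.timestamp <= r.deadline, "expired");
        require(amountOut >= r.minAmountOut, "slippage");
        r.status = Status.Fulfilled;
        usdToken.burn(r.amountIn);
        // Delivery of amountOut in the target asset to r.requester is omitted here.
    }

    /// @notice Anyone may trigger a refund once the deadline has passed unfulfilled.
    function refundSwap(uint256 id) external {
        Request storage r = requests[id];
        require(r.status == Status.Pending, "not pending");
        require(block.timestamp > r.deadline, "not expired");
        r.status = Status.Refunded;
        require(usdToken.transfer(r.requester, r.amountIn - baseFee), "transfer failed");
    }
}
```

The single `Status` field is what makes the three exits (cancel, fulfil, refund) mutually exclusive: whichever transaction lands first flips the request out of `Pending`, so a keeper cannot burn escrow that the user has already reclaimed, and the user cannot reclaim escrow that has already been burned. The status is written before any token transfer so a reentrant call sees the updated state.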

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 5 months ago: Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
