Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Lack of DEX Return Amount Validation in FeeDistributionBranch::convertAccumulatedFeesToWeth function

Summary

The function convertAccumulatedFeesToWeth does not validate the minimum output amount during swaps, exposing the protocol to slippage and sandwich attacks.

Vulnerability Details

  • The function performs swaps without checking if the output meets a minimum threshold.

  • This could result in significant value loss due to slippage or sandwich attacks.

```solidity
if (path.length == 0) {
    SwapExactInputSinglePayload memory swapCallData =
        SwapExactInputSinglePayload({
            tokenIn: asset,
            tokenOut: ctx.weth,
            amountIn: ctx.assetAmount,
            recipient: address(this)
        });
    ctx.tokensSwapped = dexSwapStrategy.executeSwapExactInputSingle(swapCallData);
}
```

Impact

Potential loss of value when converting accumulated fees to WETH, especially in volatile or low-liquidity market conditions.

Tools Used

Manual code review

Recommendations

  • Implement minimum output amount checks to guard against unfavorable slippage.

  • Consider using a slippage tolerance parameter.
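
A sketch of the two recommendations above, added here as an illustration; it is not Zaros code and not part of the submission. The struct copies the four fields visible in the excerpt; the `IDexSwapStrategy` interface, the `_quoteExpectedOut` price source, the 5% ceiling and the error names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Mirrors the payload fields shown in the excerpt (hypothetical local copy).
struct SwapExactInputSinglePayload {
    address tokenIn;
    address tokenOut;
    uint256 amountIn;
    address recipient;
}

// Hypothetical interface for the strategy called in the excerpt.
interface IDexSwapStrategy {
    function executeSwapExactInputSingle(SwapExactInputSinglePayload calldata payload)
        external
        returns (uint256 amountOut);
}

abstract contract GuardedFeeSwap {
    uint256 internal constant BPS_DENOMINATOR = 10_000;
    uint256 internal constant MAX_SLIPPAGE_BPS = 500; // assumed 5% ceiling

    error SlippageToleranceTooHigh(uint256 slippageBps);
    error InsufficientOutput(uint256 amountOut, uint256 minAmountOut);

    /// Expected output for `amountIn` at a price taken from outside the pool
    /// (for example an oracle feed). Left abstract: the source is an assumption.
    function _quoteExpectedOut(address tokenIn, address tokenOut, uint256 amountIn)
        internal view virtual returns (uint256);

    function _swapWithMinOut(
        IDexSwapStrategy strategy,
        SwapExactInputSinglePayload memory payload,
        uint256 slippageBps
    ) internal returns (uint256 amountOut) {
        // Bound the tolerance so a misconfiguration cannot disable the guard.
        if (slippageBps > MAX_SLIPPAGE_BPS) revert SlippageToleranceTooHigh(slippageBps);

        uint256 expectedOut = _quoteExpectedOut(payload.tokenIn, payload.tokenOut, payload.amountIn);
        // Floor = expected output minus the tolerated slippage.
        uint256 minAmountOut = expectedOut * (BPS_DENOMINATOR - slippageBps) / BPS_DENOMINATOR;

        amountOut = strategy.executeSwapExactInputSingle(payload);
        // Reverting unwinds the whole transaction, so an out-of-tolerance fill never settles.
        if (amountOut < minAmountOut) revert InsufficientOutput(amountOut, minAmountOut);
    }
}
```

The floor is only as trustworthy as the quote: deriving `expectedOut` from the same pool's spot price would move with the manipulation it is meant to detect.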

Updates

Lead Judging Commences

inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

shrxyeh Submitter
6 months ago
inallhonesty Lead Judge
6 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
