Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Status: Invalid

No Slippage Control in WETH Conversions in FeeDistributionBranch::convertAccumulatedFeesToWeth

Summary

The swap performed by convertAccumulatedFeesToWeth has no guard against unfavorable slippage,
which exposes the protocol to front-running. A malicious party who anticipates a large
token-to-WETH trade can adjust the on-chain liquidity or manipulate the pool price and force the
protocol to swap at a notably worse rate. The code does not verify that the final output meets a
minimum threshold, so the protocol and vault participants can receive significantly less WETH
than the accumulated fees are worth.

Vulnerability Details

  • The convertAccumulatedFeesToWeth function lacks slippage control mechanisms, enabling front-running attacks.

  • The function does not verify that the final output meets a minimum threshold.

  • Malicious parties can manipulate on-chain liquidity or prices to force swaps at worse rates.

function convertAccumulatedFeesToWeth(
    uint128 marketId,
    address asset,
    uint128 dexSwapStrategyId,
    bytes calldata path
) external onlyRegisteredSystemKeepers {
    // ...calls dexSwapStrategy.executeSwapExactInput or executeSwapExactInputSingle...
}

Impact

This vulnerability can lead to significantly reduced WETH proceeds, harming both the protocol and its participants.

Tools Used

Manual code review

Recommendations

  • Enforce slippage limits by integrating checks for acceptable price ranges.

  • Set minimum acceptable output amounts for swaps.
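As an added illustration of both recommendations (this is example code written for this page, not Zaros code and not part of the auditor's submission), the contract below lets a keeper choose the route and a slippage tolerance, but derives the minimum acceptable WETH output from an oracle quote, caps the tolerance on-chain, and checks the WETH that actually arrived. IDexSwapStrategyLike, IPriceOracleLike, the 18-decimal price scaling and all function names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the protocol's swap strategy (assumed interface).
interface IDexSwapStrategyLike {
    function executeSwapExactInput(
        address tokenIn,
        address tokenOut,
        uint256 amountIn,
        uint256 minAmountOut,
        bytes calldata path
    ) external returns (uint256 amountOut);
}

// Hypothetical oracle: price of `asset` in WETH, scaled by 1e18 (assumed).
interface IPriceOracleLike {
    function priceInWeth(address asset) external view returns (uint256);
}

interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract FeeSwapWithSlippageGuard {
    uint256 public constant BPS_DENOMINATOR = 10_000;
    // Hard cap on the tolerance a keeper may request; bounds the worst case even if
    // the keeper passes a sloppy or malicious value.
    uint256 public constant MAX_SLIPPAGE_BPS = 500; // 5%

    address public immutable weth;
    IPriceOracleLike public immutable oracle;
    address public immutable keeper;

    error NotKeeper();
    error SlippageExceedsCap(uint256 requested, uint256 cap);
    error InsufficientOutput(uint256 received, uint256 minimum);

    constructor(address _weth, IPriceOracleLike _oracle, address _keeper) {
        weth = _weth;
        oracle = _oracle;
        keeper = _keeper;
    }

    // Minimum WETH the swap must return for `amountIn` of an 18-decimal `asset`
    // (decimal assumption for the example), given the oracle quote and a tolerance.
    function minWethOut(address asset, uint256 amountIn, uint256 slippageBps)
        public
        view
        returns (uint256)
    {
        if (slippageBps > MAX_SLIPPAGE_BPS) revert SlippageExceedsCap(slippageBps, MAX_SLIPPAGE_BPS);
        uint256 expected = (amountIn * oracle.priceInWeth(asset)) / 1e18;
        return (expected * (BPS_DENOMINATOR - slippageBps)) / BPS_DENOMINATOR;
    }

    // Keeper-triggered conversion of accumulated fees to WETH with a slippage floor.
    function convertFeesToWeth(
        address asset,
        uint256 amountIn,
        uint256 slippageBps,
        IDexSwapStrategyLike strategy,
        bytes calldata path
    ) external returns (uint256 received) {
        if (msg.sender != keeper) revert NotKeeper();

        uint256 minOut = minWethOut(asset, amountIn, slippageBps);
        uint256 before = IERC20Like(weth).balanceOf(address(this));

        IERC20Like(asset).approve(address(strategy), amountIn);
        // The floor is passed to the router so the swap reverts inside the pool if the
        // price has moved; the balance check below also guards against a strategy whose
        // return value does not reflect what was delivered.
        strategy.executeSwapExactInput(asset, weth, amountIn, minOut, path);

        received = IERC20Like(weth).balanceOf(address(this)) - before;
        if (received < minOut) revert InsufficientOutput(received, minOut);
    }
}
```

The cap on slippageBps is the part most easily skipped: a keeper-supplied minAmountOut alone can be set to zero, which reintroduces the original problem, whereas an on-chain ceiling derived from an independent price source bounds how bad any single conversion can be. If no oracle is available for an asset, the same structure still works with a fixed minAmountOut, but the keeper then becomes a trusted party for that bound.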

Updates

Lead Judging Commences
inallhonesty (Lead Judge), 7 months ago

Submission Judgement Published
inallhonesty (Lead Judge), 6 months ago
Invalidated
Reason: Incorrect statement
