Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Same `slippageToleranceBps` used for both single pool and multiple pools swaps allows swap executions at unfavorable rates

alexczm

Summary

Using same slippage value for single swaps and multi-hop swaps allows single swaps to be executed at worse prices.

Vulnerability Details

Protocol uses calculateAmountOutMin to calculate the amount of tokenOut expected considering the slippageToleranceBps variable.
This function is used in both single-swap - executeSwapExactSingle and multi-hop swaps - executeSwapExactInput, given the provided pools path.

Multi-hop swaps needs a larger slippage tolerance to account for fees paid to multiple pools and accumulated slippage over the same pools.
By using same slippageToleranceBps value for both types of swap allows single swap to be executed with with higher slippage than necessary.

Impact

Single pool swaps may be executed at worse rates, to the detriment of protocol.

Tools Used

Recommendations

Consider adding a new slippageToleranceBpsSingleSwap and use it for single single pool token swaps.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.