Summary

The initiateSwap function in StabilityBranch.sol does not enforce a check to ensure that the amount a user is trying to swap is greater than the base fee. This can result in tokens getting stuck in the contract if the swap is not fulfilled.

Vulnerability Details

When a user initiates a swap via initiateSwap, the function transfers amountsIn[i] of the USD token to the contract but does not verify that this amount exceeds the base fee (baseFeeUsd). Later, if the swap request expires and the user attempts to refund their tokens via refundSwap, the function deducts the base fee before refunding the remainder. If the initial amountIn is less than baseFeeUsd, the refund amount becomes negative, leading to the transaction reverting and preventing users from reclaiming their funds.

Impact

• Users who initiate swaps with an amountIn smaller than baseFeeUsd will be unable to recover their funds if the swap is not fulfilled.

• The contract will accumulate stuck tokens over time, leading to potential loss of user funds.

Tools Used

• Manual code review

Recommendations

• Add a check in initiateSwap to ensure that amountsIn[i] is greater than baseFeeUsd. Example fix:

  if (amountsIn[i] <= tokenSwapData.baseFeeUsd) {

  revert Errors.InsufficientAmountForSwap(amountsIn[i], tokenSwapData.baseFeeUsd);

  }

• Consider implementing a mechanism to allow protocol administrators to recover stuck tokens if necessary.