In CreditDelegationBranch.sol, the _convertAssetsToUsdc function calls the executeSwapExactInputSingle method of the dexSwapStrategy without any slippage control mechanism. There is no minAmountOut parameter to enforce a minimum acceptable amount of USDC received from the swap.
Unfavorable Prices: In the absence of slippage control, swaps may execute at prices significantly different from the expected ones. This can lead to receiving less USDC than anticipated, causing financial losses.
Price Manipulation: Attackers might exploit this vulnerability by manipulating the market price at the time of the swap, resulting in highly unfavorable swap rates.
Front-Running Attacks: Malicious actors can front-run the swap transaction, leading to worse prices for the original transaction due to slippage.
Market Volatility: During periods of high market volatility, the lack of slippage control can result in extreme deviations in swap outcomes, causing significant financial losses.
Manual review.
To mitigate this issue, it is essential to add a minAmountOut parameter and validate the actual output against it.
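One way to implement this mitigation, as an added example that is not the project's own code: the swap is wrapped so that the USDC actually received is measured and compared against a minAmountOut derived from an expected quote and a tolerance in basis points. The interfaces, contract name, function names and the expectedOut input are hypothetical, and the sketch assumes the adapter already has allowance to pull tokenIn from this contract and sends tokenOut back to it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interfaces for illustration; not the project's actual ABI.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
}

interface ISwapAdapterLike {
    // Assumed shape: swaps amountIn of tokenIn and sends tokenOut to the caller.
    function swapExactInputSingle(address tokenIn, address tokenOut, uint256 amountIn)
        external
        returns (uint256 amountOut);
}

contract SlippageGuardedSwap {
    uint256 internal constant BPS = 10_000;

    error SlippageExceeded(uint256 received, uint256 minAmountOut);
    error InvalidSlippage(uint256 maxSlippageBps);

    // expectedOut is assumed to come from a price source independent of the
    // pool being swapped against, expressed in tokenOut units.
    function minOut(uint256 expectedOut, uint256 maxSlippageBps) public pure returns (uint256) {
        if (maxSlippageBps >= BPS) revert InvalidSlippage(maxSlippageBps);
        return (expectedOut * (BPS - maxSlippageBps)) / BPS;
    }

    function guardedSwap(
        ISwapAdapterLike adapter,
        address tokenIn,
        address tokenOut,
        uint256 amountIn,
        uint256 expectedOut,
        uint256 maxSlippageBps
    ) external returns (uint256 received) {
        uint256 minAmountOut = minOut(expectedOut, maxSlippageBps);

        // Measure the balance delta instead of trusting the adapter's return value.
        uint256 balanceBefore = IERC20Like(tokenOut).balanceOf(address(this));
        adapter.swapExactInputSingle(tokenIn, tokenOut, amountIn);
        received = IERC20Like(tokenOut).balanceOf(address(this)) - balanceBefore;

        // Revert the whole transaction if the swap returned less than the floor.
        if (received < minAmountOut) revert SlippageExceeded(received, minAmountOut);
    }
}
```

Because the check reverts, a swap that returns less than the floor is undone in full.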