DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Lack of Slippage Protection can allow a keeper swap at unfavourable conditions

Summary

The current swap implementation has no explicit slippage protection, so even a swap executed by a trusted keeper can settle at an unfavourable rate and lose value for the protocol.

Vulnerability Details

function _doDexSwap(bytes memory data, bool isCollateralToIndex) internal returns (uint256 outputAmount) {
    // ... the router target `to`, `callData`, `outputToken` and `balBefore`
    //     are derived from `data` / `isCollateralToIndex` (elided in this report)
    // No minimum output validation: the router call is executed as given
    ParaSwapUtils.swap(to, callData);
    outputAmount = outputToken.balanceOf(address(this)) - balBefore;
    // No slippage check on `outputAmount` ⚠️
    emit DexSwap(...);
}
Worked example:

  • Intended Swap: 100 USDC → WETH
  • Expected Output: 0.05 WETH
  • Actual Received: 0.025 WETH
  • Loss: 50% of expected swap value

Impact

  • Keeper executes swap at an economically unfavorable moment
  • No mechanism to prevent extremely poor swap rates
  • Absence of minimum output validation

Tools Used

AGI

Recommendations

function _doDexSwap(
    bytes memory data,
    bool isCollateralToIndex,
    uint256 minExpectedOutput // <--- new parameter supplied by the caller
) internal returns (uint256 outputAmount) {
    // Existing swap logic (unchanged): execute the router call and set
    // outputAmount from the output token balance delta

    // Slippage protection
    require(
        outputAmount >= minExpectedOutput, // <--- add a check
        "Swap output below minimum expected"
    );
}
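As an added example (not code from the DeFiFoundry project or from this report), the Solidity below shows what an in-contract version of the check recommended above looks like when the minimum is enforced on the balance delta the contract actually observes, with a deadline check beside it, and a constructed mock router that replays the report's 100 USDC → 0.025 WETH scenario. All contract, library and function names (SlippageMath, SlippageGuardedSwap, MockWETH, MockRouter, Harness) are assumed; the judge's note later on this page states that the real code relies on ParaSwap's own external slippage and deadline handling, so this is the shape of a defence-in-depth check, not a description of the audited code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the audited project. All names are assumed.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

library SlippageMath {
    uint256 internal constant BPS = 10_000;

    // Turn an off-chain quote plus a tolerance in basis points (50 = 0.5%)
    // into the smallest output the contract will accept.
    function minOutFromQuote(uint256 quotedOut, uint256 toleranceBps)
        internal pure returns (uint256)
    {
        require(toleranceBps <= BPS, "tolerance > 100%");
        return quotedOut * (BPS - toleranceBps) / BPS;
    }
}

abstract contract SlippageGuardedSwap {
    event DexSwap(address indexed outputToken, uint256 outputAmount, uint256 minOut);

    // Run an opaque router call, then enforce the minimum on the balance delta
    // this contract actually received, not on anything the calldata claims.
    function _swapWithMinOut(
        address router,
        bytes memory callData,
        IERC20 outputToken,
        uint256 minOut,
        uint256 deadline
    ) internal returns (uint256 outputAmount) {
        require(block.timestamp <= deadline, "swap: deadline passed");
        uint256 balBefore = outputToken.balanceOf(address(this));
        (bool ok, bytes memory ret) = router.call(callData);
        if (!ok) {
            // Bubble up the router's revert reason unchanged.
            assembly { revert(add(ret, 32), mload(ret)) }
        }
        outputAmount = outputToken.balanceOf(address(this)) - balBefore;
        require(outputAmount >= minOut, "swap: output below minimum");
        emit DexSwap(address(outputToken), outputAmount, minOut);
    }
}

// --- Constructed fixtures reproducing the report's numbers ---------------

contract MockWETH is IERC20 {
    mapping(address => uint256) public override balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
}

// Stand-in for the DEX: pays out whatever amount it was configured with,
// ignoring the input, so an unfavourable fill can be simulated.
contract MockRouter {
    MockWETH public immutable weth;
    uint256 public payout;
    constructor(MockWETH _weth, uint256 _payout) { weth = _weth; payout = _payout; }
    function swap() external { weth.mint(msg.sender, payout); }
}

contract Harness is SlippageGuardedSwap {
    // External wrapper so the internal swap can be wrapped in try/catch.
    function swapExternal(address router, bytes calldata callData, IERC20 token, uint256 minOut)
        external returns (uint256)
    {
        require(msg.sender == address(this), "internal only");
        return _swapWithMinOut(router, callData, token, minOut, block.timestamp);
    }

    // Returns (accepted, outputAmount); accepted is false when the check reverts.
    function attempt(MockRouter router, IERC20 token, uint256 minOut)
        external returns (bool, uint256)
    {
        bytes memory callData = abi.encodeCall(MockRouter.swap, ());
        try this.swapExternal(address(router), callData, token, minOut) returns (uint256 out) {
            return (true, out);
        } catch {
            return (false, 0);
        }
    }
}
```

With the report's figures: a quote of 0.05 WETH (5e16 wei) and a 1% tolerance give `SlippageMath.minOutFromQuote(5e16, 100) == 4.95e16`. A `MockRouter` configured to pay 2.5e16 (the 0.025 WETH actually received in the report) makes `Harness.attempt` return `(false, 0)` because the balance-delta check reverts, while a router paying the full 5e16 returns `(true, 5e16)`. Measuring the delta on the contract's own balance is what makes the check independent of whatever minimum the router calldata carries.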

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_swap_slippage_and_deadline

Slippage and deadline are handled externally.

Paraswap implementation used by the current code (behind the proxy): https://etherscan.io/address/0xdffd706ee98953d3d25a3b8440e34e3a2c9beb2c

GMX code: https://github.com/gmx-io/gmx-synthetics/blob/caf3dd8b51ad9ad27b0a399f668e3016fd2c14df/contracts/order/OrderUtils.sol#L150C15-L150C33
