DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Mitigating Slippage Vulnerabilities in PerpetualVault Contract

Summary

This audit report revisits the slippage swap vulnerability identified in the PerpetualVault contract. Previously, the _doDexSwap function calculated the output token amount based on balance differences without enforcing a minimum acceptable amount. The new recommendation introduces a minimum output check to ensure that if the swap returns fewer tokens than expected, the transaction will revert. This update greatly enhances the safety of swap operations and protects user funds from excessive slippage.

Vulnerability Details

  • Lack of Minimum Output Check:
    The original implementation of _doDexSwap only measured the difference in token balances before and after the swap. It did not verify whether the amount received met a minimum expected threshold, leaving the contract vulnerable to adverse market conditions or malicious manipulation.

  • Potential Exploit Scenario:
    An attacker or a sudden market movement could force a swap to yield significantly fewer tokens than anticipated. Without a proper check, the contract would proceed with the transaction, potentially causing a loss of user funds.

Impact

  • User Fund Loss:
    Accepting a swap with a lower-than-expected output could result in substantial financial losses for users.

  • Exposure to Manipulation:
    The absence of slippage protection increases the risk of front-running or other exploitative strategies that target the contract's swap mechanism.

  • Compromised Contract Integrity:
    Continued operation without slippage safeguards can undermine user trust and the overall financial stability of the vault.

Tools Used

  • Manual Code Review:
    A detailed review of the contract’s swap functionality identified the missing minimum output check.

Recommendations

To mitigate the identified risk, update the _doDexSwap function to include a minimum output parameter check. This change requires the swap data to provide a minimum expected output value, which is then compared against the actual output obtained from the swap. If the actual output is less than the minimum, the transaction reverts. Below is an example implementation:

    /**
     * @dev Executes a DEX swap using Paraswap with a minimum output check.
     * @param data Encoded swap transaction data. The data now includes a minimum output parameter.
     * It should be encoded as: abi.encode(to, amount, minOutput, callData)
     * @param isCollateralToIndex Direction of swap. If true, swap `collateralToken` to `indexToken`.
     * @return outputAmount The amount of output tokens received from the swap.
     */
    function _doDexSwap(bytes memory data, bool isCollateralToIndex) internal returns (uint256 outputAmount) {
        // Decode the swap data including a minimum output value
        (address to, uint256 amount, uint256 minOutput, bytes memory callData) = abi.decode(data, (address, uint256, uint256, bytes));
        IERC20 inputToken;
        IERC20 outputToken;
        if (isCollateralToIndex) {
            inputToken = collateralToken;
            outputToken = IERC20(indexToken);
        } else {
            inputToken = IERC20(indexToken);
            outputToken = collateralToken;
        }
        // Record the balance of the output token before the swap
        uint256 balanceBefore = outputToken.balanceOf(address(this));
        // Execute the swap via Paraswap
        ParaSwapUtils.swap(to, callData);
        // Calculate the amount of tokens received from the swap
        outputAmount = outputToken.balanceOf(address(this)) - balanceBefore;
        // Revert if the output is less than the minimum acceptable amount
        require(outputAmount >= minOutput, "Slippage: Insufficient output from swap");
        emit DexSwap(address(inputToken), amount, address(outputToken), outputAmount, isCollateralToIndex);
    }

Benefits of This Change

  • Enhanced Safety:
    The minimum output parameter ensures that the swap will only proceed if it meets the expected threshold, protecting against adverse price movements.

  • Prevention of Undesirable Swaps:
    Reverting the transaction when slippage exceeds acceptable limits prevents potential loss of funds.

  • Consistent Security Practices:
    Incorporating explicit checks in swap operations aligns with best practices for decentralized finance (DeFi) contracts.
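
An added illustration, not part of the original submission or the project's code: a Python model of the balance-difference accounting in _doDexSwap, with and without the recommended minOutput check, when the price moves between quote and execution. The constant-product pool, its reserves, and the basis-point tolerance used to derive minOutput are assumptions made for the example.

```python
"""Constructed model of _doDexSwap's balance-difference accounting, with and
without the minOutput check. Pool, reserves and tolerance are assumptions."""
from typing import Optional

class SlippageError(Exception):
    """Stands in for the revert raised by the require() check."""

class ConstantProductPool:
    """Hypothetical fee-less x*y=k pool standing in for the external DEX route."""
    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in, self.reserve_out = reserve_in, reserve_out

    def quote(self, amount_in: int) -> int:
        # Integer division rounds down, as on-chain arithmetic does.
        return self.reserve_out * amount_in // (self.reserve_in + amount_in)

    def swap(self, amount_in: int) -> int:
        out = self.quote(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out

def min_output(quoted: int, tolerance_bps: int) -> int:
    """Floor to encode as minOutput: the quote minus a basis-point tolerance."""
    if not 0 <= tolerance_bps <= 10_000:
        raise ValueError("tolerance_bps must be within 0..10000")
    return quoted * (10_000 - tolerance_bps) // 10_000

def do_dex_swap(pool: ConstantProductPool, vault_balance: int, amount: int,
                min_out: Optional[int]) -> int:
    """Measure the balance difference, then enforce min_out.
    min_out=None reproduces the original behaviour (no check)."""
    balance_before = vault_balance
    vault_balance += pool.swap(amount)
    output_amount = vault_balance - balance_before
    if min_out is not None and output_amount < min_out:
        raise SlippageError("Slippage: Insufficient output from swap")
    return output_amount

def run_scenario(price_moved: bool, checked: bool) -> int:
    """Quote on a fresh pool, optionally let another trade move the price, then swap."""
    pool = ConstantProductPool(1_000_000, 1_000_000)  # constructed reserves
    amount = 10_000
    floor = min_output(pool.quote(amount), tolerance_bps=50) if checked else None
    if price_moved:
        pool.swap(100_000)  # another trade lands between quote and execution
    return do_dex_swap(pool, vault_balance=0, amount=amount, min_out=floor)
```

With these constructed numbers the unchecked path accepts an output well below the quote, while the checked path raises instead of recording the lower amount.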

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_swap_slippage_and_deadline

Slippage and deadline are handled externally. Paraswap implementation used by the current code (behind the proxy): https://etherscan.io/address/0xdffd706ee98953d3d25a3b8440e34e3a2c9beb2c GMX code: https://github.com/gmx-io/gmx-synthetics/blob/caf3dd8b51ad9ad27b0a399f668e3016fd2c14df/contracts/order/OrderUtils.sol#L150C15-L150C33
