SSSwap

First Flight #41

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Insufficient Validation in Liquidity Provision

mishraji874

Description: In the liquidity_operations::provide_liquidity function, only the amount of token A is specified, and token B amount is calculated based on the current ratio. This can lead to unexpected slippage if the pool ratio changes between transaction submission and execution.

Impact: Users might provide more token B than expected, leading to financial losses.

Recommended Mitigation: Add a maximum token B parameter to the provide_liquidity function to protect users from unexpected price movements:

pub fn provide_liquidity(context: Context<ModifyLiquidity>,

amount_a: u64,

max_amount_b: u64

) -> Result<()> {

let amount_b = calculate_token_b_provision_with_a_given(

&mut context.accounts.vault_a,

&mut context.accounts.vault_b,

amount_a

)?;

require!(amount_b <= max_amount_b, AmmError::Slippage);

// Rest of the function

// ...

}

Updates

Lead Judging Commences

0xtimefliez Lead Judge

17 days ago

0xtimefliez Lead Judge 14 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Liquidity Provision Lacks Slippage Protection

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.