SSSwap
First Flight #41
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

Unbounded Slippage Loss in swap_tokens Allows Arbitrary Drain

nonanondores

Root + Impact

Improper control over min_expected_amount allows extreme slippage attacks.

Description

Normally, a swap user expects a reasonable amount of output tokens based on current reserves and pricing formula.
However, the contract allows any user to pass very low or zero min_expected_amount, bypassing safety.

/ @> swap_operations.rs
pub fn swap_tokens(...) -> Result<...> {
...
// No check to reject high slippage — attacker sets min_expected_amount = 1
ensure!(output_amount >= min_expected_amount, Error::SlippageExceeded); // @>
...
}

Risk

Likelihood:

  • Anyone can call swap_tokens with low min_expected_amount at any time
    A bot or malicious LP can manipulate pool state, then front-run users with unsafe slippage

Impact:

  • Users may receive near-zero tokens for large inputs (arbitrary loss)

  • Entire pool can be drained via repeated bad swaps with 0 min

Proof of Concept

User passes min_expected_amount = 1 (or 0), receives garbage output, exploits pricing:

swap_tokens(
from_token = USDC,
to_token = ETH,
amount_in = 10_000_000,
min_expected_amount = 1, // no slippage protection
)

  • Reserve is manipulated to generate poor rate

  • Swap succeeds, user receives almost nothing back

Recommended Mitigation

Enforce dynamic or fixed slippage thresholds, such as:

let max_slippage = Decimal::percent(5);
let expected = get_expected_amount(...);
let allowed_min = expected * (Decimal::one() - max_slippage);
ensure!(output_amount >= allowed_min, Error::SlippageTooHigh);

Also reject any 0 or 1 min_expected_amount directly.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 8 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.