Stratax Contracts

First Flight #57
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: medium
Likelihood: medium

Hardcoded 5% Slippage Buffer Is Too Rigid for All Market Conditions

Author Revealed upon completion

Root + Impact

Location: src/Stratax.sol:468

Description

calculateUnwindParams applies a hardcoded 5% slippage buffer to the collateral withdrawal amount. This single fixed value applies to all token pairs, all liquidity environments, and all market conditions, with no ability to adjust.

// src/Stratax.sol:468
collateralToWithdraw = (collateralToWithdraw * 1050) / 1000; // @> hardcoded 5% — not configurable

Risk

Likelihood:

  • Illiquid or exotic token pairs routinely experience slippage beyond 5% — the buffer will be insufficient during stress periods

  • In stable conditions with deep liquidity, 5% causes unnecessary over-withdrawal that gets locked in Aave per M-2

Impact:

  • Under high volatility or thin liquidity: swap proceeds fall short of flash loan + premium, unwind reverts — position cannot be closed

  • Under normal conditions, excess collateral is over-withdrawn and re-deposited to Aave, requiring additional steps to fully exit

Proof of Concept

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
// Numeric trace showing position stuck when real slippage > 5%:
//
// Aave position:
// collateral = 10,000 USDC
// debt = 5,000 USDC worth of WBTC (illiquid pair)
//
// calculateUnwindParams():
// collateralToWithdraw = 5,000 * 1.05 = 5,250 USDC (5% hardcoded buffer)
//
// _executeUnwindOperation():
// flash loan = 5,000 USDC (debt amount)
// repays debt, withdraws 5,250 USDC collateral
//
// Swap USDC → WBTC on thin liquidity: 8% slippage
// returnAmount = 5,250 * 0.92 = 4,830 USDC worth of WBTC
//
// Flash loan repayment check:
// totalDebt = 5,000 + 4.5 (0.09% fee) = 5,004.5 WBTC equivalent
// returnAmount = 4,830 < 5,004.5
// require(returnAmount >= totalDebt) → REVERTS
//
// Result: position cannot be closed — user's collateral remains locked in Aave
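The trace above generalizes to any buffer, slippage and premium. The following Python model is an added example, not code from Stratax.sol or from the submission; it assumes every amount is expressed in USDC-equivalent units with 6 decimals, that slippage applies to the whole swap, and that the flash loan premium is the 9 bps (0.09%) used in the trace. All function names are hypothetical.

```python
# Added illustration: integer model of the unwind arithmetic in the trace above.
# Assumptions (not from Stratax.sol): USDC-equivalent units with 6 decimals,
# slippage applied to the whole swap, flash loan premium of 9 bps as in the trace.

BPS = 10_000
USDC = 10**6


def unwind_shortfall(debt, buffer_bps, slippage_bps, premium_bps=9):
    """Return (withdrawn, swap_out, owed, shortfall); shortfall > 0 means revert."""
    withdrawn = debt * (BPS + buffer_bps) // BPS          # collateral pulled from Aave
    swap_out = withdrawn * (BPS - slippage_bps) // BPS    # swap proceeds after slippage
    owed = debt + (debt * premium_bps + BPS - 1) // BPS   # flash loan + premium, rounded up
    return withdrawn, swap_out, owed, max(owed - swap_out, 0)


def max_tolerable_slippage_bps(buffer_bps, premium_bps=9, debt=5_000 * USDC):
    """Largest whole-bps slippage at which the unwind still repays the flash loan."""
    best = -1
    for s in range(BPS + 1):
        if unwind_shortfall(debt, buffer_bps, s, premium_bps)[3] != 0:
            break  # shortfall only grows with slippage, so stop at the first failure
        best = s
    return best


def min_buffer_bps(slippage_bps, premium_bps=9, debt=5_000 * USDC):
    """Smallest whole-bps buffer that covers the given slippage plus the premium."""
    for b in range(10 * BPS):
        if unwind_shortfall(debt, b, slippage_bps, premium_bps)[3] == 0:
            return b
    raise ValueError("no buffer in range covers this slippage")


if __name__ == "__main__":
    # Constructed inputs matching the trace: 5,000 debt, 5% buffer, 8% slippage.
    print("trace:", unwind_shortfall(5_000 * USDC, 500, 800))
    print("break-even slippage for a 5% buffer (bps):", max_tolerable_slippage_bps(500))
    print("buffer needed at 8% slippage (bps):", min_buffer_bps(800))
    print("buffer needed at 0.10% slippage (bps):", min_buffer_bps(10))
```

Under these assumptions the fixed 5% buffer stops covering repayment once slippage passes 4.67%, while a calm market with 0.10% slippage needs only a 0.20% buffer, which is the over-withdrawal case listed under Impact.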

Recommended Mitigation

  • Replace the hardcoded 1050 multiplier with a configurable slippageBps parameter. Allowing the caller to specify slippage at call time lets the owner account for current market conditions, while owner-controlled bounds prevent malicious or accidental over-withdrawal.

  • Expose slippageBps as a caller parameter or owner-settable state variable with enforced bounds (e.g., 50–1000 bps).

- collateralToWithdraw = (collateralToWithdraw * 1050) / 1000;
+ collateralToWithdraw = (collateralToWithdraw * (1000 + slippageBps)) / 1000;
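Review bot: on the `+` line the divisor is still 1000 although the new variable is named slippageBps, so the value is not in basis points: slippageBps = 50 yields a 5% buffer, and the 50–1000 range suggested in the bullet above would map to 5%–100%. Scale by 10,000 instead, for example `(collateralToWithdraw * (10_000 + slippageBps)) / 10_000`, and put a require on the lower and upper bounds next to it, since the hunk shows no check that slippageBps stays within the owner-set limits.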
