Stratax Contracts

First Flight #57

Beginner FriendlyDeFi

100 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: medium

As of L8er

Author Revealed upon completion

Root + Impact

Description: Protocol swaps use 1inch DEX aggregator without slippage protection or minimum output amounts. MEV bots can sandwich these swaps, extracting value from every position creation and unwinding.

// In Stratax.sol

function _executeSwap(...) internal {

// @> No minAmountOut parameter

// @> No deadline

// @> No slippage check

uint256 amountOut = oneInch.swap(tokenIn, tokenOut, amountIn, swapData);

}

Risk

Likelihood:

All Ethereum transactions visible in public mempool before execution
MEV bots actively scan for profitable sandwich opportunities
1inch swaps without slippage protection are prime targets
Occurs on every position creation and unwinding

Impact:

Users receive 5-15% worse prices on all swaps (continuously)
Positions start unhealthy due to bad swap rates
Protocol appears functional but users suffer hidden losses
Estimated 5-15% of all swap volume extracted by MEV bots

Proof of Concept

1. User submits createLeveragedPosition transaction (public mempool)

2. MEV bot sees transaction, identifies swap parameters

3. MEV bot front-runs: Buys ETH (raises price)

4. User's swap executes at inflated price (pays more)

5. MEV bot back-runs: Sells ETH (profits from spread)

6. User receives less collateral than expected

7. Position health factor lower than intended, may be liquidated

Recommended Mitigation

- function _executeSwap(...) internal {

+ function _executeSwap(

+ address tokenIn,

+ address tokenOut,

+ uint256 amountIn,

+ uint256 minAmountOut, // User-specified minimum

+ uint256 deadline,

+ bytes memory swapData

+ ) internal {

+ require(block.timestamp <= deadline, "Swap expired");

uint256 amountOut = oneInch.swap(tokenIn, tokenOut, amountIn, swapData);

+ require(amountOut >= minAmountOut, "Slippage too high");

}

// Additionally, consider:

// - Using Flashbots/private mempool for swaps

// - Limiting maximum price impact (e.g., 5%)

// - Comparing 1inch price to oracle price as sanity check

Rewards breakdown

nSLOC

356

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!