Closed 0xdcota closed 1 year ago
@brozorec this is the last of the CS - security audit findings. I implemented 3 simple tests for the swapper.
In the process of fixing the swapper, I thought that we should implement quoting methods, wdyt?
I implemented these compute_amountOut and compute_amountIn in the test file, but I actually think this should be part of the Swapper interface itself.
In addition, I propose we make an additional ticket-issue to make the swapper more secure against slippage. This is by checking the price against an external oracle. We did something similar on V1.
> In the process of fixing the swapper, I thought that we should implement quoting methods, wdyt?
> I implemented these compute_amountOut and compute_amountIn in the test file, but I actually think this should be part of the Swapper interface itself.
@DaigaroCota I agree but let's call them getAmountIn and getAmountOut :)
> In addition, I propose we make an additional ticket-issue to make the swapper more secure against slippage. This is by checking the price against an external oracle. We did something similar on V1.
a very good idea :+1:
@brozorec ready for review.
Additional issue created to add external oracle check; refer to #255.
@ComposableSecurityTeam this is 2/2 missing PRs to complete Audit findings (excluding informational).
This PR should be merged after 225.