search

Fujicracy / fuji-v2

Cross-chain money market aggregator
https://fuji-v2-frontend.vercel.app
15 stars 10 forks source link

Remove connext router redundant slippage check #531

Closed 0xdcota closed 1 year ago

0xdcota commented 1 year ago

The hardcoded slippage check included in the encoded arguments in the xReceive(...) function of the contract ConnextRouter.sol L146 and further checked in L243:

function xReceive(
    bytes32 transferId,
    uint256 amount,
    address asset,
    address originSender,
    uint32 originDomain,
    bytes memory callData
  )
    external
    returns (bytes memory)
  {
    (Action[] memory actions, bytes[] memory args, uint256 slippageThreshold) =
      abi.decode(callData, (Action[], bytes[], uint256));
function _checkSlippage(uint256 original, uint256 received, uint256 threshold) internal pure {
    uint256 upperBound = (original * (10000 + threshold)) / 10000;
    uint256 lowerBound = (original * 10000) / (10000 + threshold);
    if (received > upperBound || received < lowerBound) {
      revert ConnnextRouter__checkSlippage_outOfBounds();
    }
  }

creates a problem when user updates slippage at the Connext.sol contract (outside the scope of Fuji). Meaning that there is a difference of slippage acceptance between Fuji and Connext. From a user experience the slippage change should be atomic and updated simultaneaously both in Connext and Fuji.

Therefore, after internal consideration we believe Fuji's slippage check is redundant and must be removed.

Additionally this resolution solves additional problems reported by the Macro audit in issues M-7 #454 and M-8 #455.