Closed code423n4 closed 2 years ago
The condition only makes sure the input is a valid value; the slippage itself should be taken care of by the function caller.
Disputed because duh
Handle
0xRajeev
Vulnerability details
Impact
The setSlippage() function checks the new slippage value against an upper threshold of 100%, which is a very loose upper bound for slippage.
Proof of Concept
https://github.com/code-423n4/2021-09-yaxis/blob/cf7d9448e70b5c1163a1773adb4709d9d6ad6c99/contracts/v3/Harvester.sol#L170
Tools Used
Manual Analysis
Recommended Mitigation Steps
Consider a tighter upper bound check for slippage.