Haz077
commented
2 years ago The condition only makes sure the input is a valid value, the slippage itself should be taken care of by the function caller.
Closed code423n4 closed 2 years ago
Haz077
commented
2 years ago The condition only makes sure the input is a valid value, the slippage itself should be taken care of by the function caller.
GalloDaSballo
commented
2 years ago Disputed because duh
Handle
0xRajeev
Vulnerability details
Impact
The setSlippage() function checks the new slippage value against an upper threshold of 100% which is a very loose upper bound for slippage.
Proof of Concept
https://github.com/code-423n4/2021-09-yaxis/blob/cf7d9448e70b5c1163a1773adb4709d9d6ad6c99/contracts/v3/Harvester.sol#L170
Tools Used
Manual Analysis
Recommended Mitigation Steps
Consider a tighter upper bound check for slippage.