Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L238-L244 https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L238-L244
in the function _swapAndAddLiquidity() it makes a call swapExactTokensForTokens() with slippage hard coded to 1
_swapAndAddLiquidity()
swapExactTokensForTokens()
this could lead to the user receiving much less tokens than expected due to being frontrun / sandwiched which will result in a loss of funds
recommend specifying a proper amountOutMin rather than 1
amountOutMin
We are checking the slippage at the end of the order. And not every operations. See deposit function
deposit
Lines of code
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L238-L244 https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L238-L244
Vulnerability details
in the function
_swapAndAddLiquidity()
it makes a callswapExactTokensForTokens()
with slippage hard coded to 1this could lead to the user receiving much less tokens than expected due to being frontrun / sandwiched which will result in a loss of funds
recommend specifying a proper
amountOutMin
rather than 1