Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L246-L255 https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L246-L255
In the function _swapAndAddLiquidity(), it makes a call to addLiquidity() with amountAMin and amountBMin hard-coded to 1.
Recommend specifying a proper amountAMin and amountBMin rather than 1.
We are checking the slippage at the end of the order, and not at every operation. See the deposit function.
Slippage control is done at: https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L64
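The trade-off discussed in this thread, as an added example that is not part of the original issue or of the Nested code: a Python model of Uniswap V2-style addLiquidity amount selection, comparing minimums of 1 with tolerance-derived minimums and with a minimum on the final output. The function names, pool numbers and the 50 bps tolerance are assumptions; check_order_output stands in for an end-of-order check and does not reproduce the contract's deposit logic.

```python
# Added example: integer model of Uniswap V2-style addLiquidity amount selection.
# Pool sizes, deposit amounts and the 50 bps tolerance are constructed values.

class SlippageError(Exception):
    pass

def quote(amount_a, reserve_a, reserve_b):
    """Amount of B worth amount_a at the pool's current reserve ratio."""
    return amount_a * reserve_b // reserve_a

def add_liquidity(a_desired, b_desired, a_min, b_min, reserve_a, reserve_b):
    """Return the (amount_a, amount_b) deposited, or raise if under a minimum."""
    b_optimal = quote(a_desired, reserve_a, reserve_b)
    if b_optimal <= b_desired:
        if b_optimal < b_min:
            raise SlippageError("INSUFFICIENT_B_AMOUNT")
        return a_desired, b_optimal
    a_optimal = quote(b_desired, reserve_b, reserve_a)
    if a_optimal < a_min:
        raise SlippageError("INSUFFICIENT_A_AMOUNT")
    return a_optimal, b_desired

def min_with_tolerance(expected, tolerance_bps):
    """Lower bound on an amount for a tolerance given in basis points."""
    return expected * (10_000 - tolerance_bps) // 10_000

def lp_minted(amount_a, amount_b, reserve_a, reserve_b, total_supply):
    """LP tokens minted for a deposit into a non-empty pool."""
    return min(amount_a * total_supply // reserve_a,
               amount_b * total_supply // reserve_b)

def check_order_output(received, min_expected):
    """End-of-order minimum on the final output (hypothetical helper)."""
    if received < min_expected:
        raise SlippageError("ORDER_OUTPUT_TOO_LOW")
    return received

def run_case(a_min, b_min, reserves, supply=1_000_000, deposit=10_000):
    """Deposit `deposit` of each token; return LP minted or the revert reason."""
    try:
        a, b = add_liquidity(deposit, deposit, a_min, b_min, *reserves)
    except SlippageError as err:
        return str(err)
    return lp_minted(a, b, *reserves, supply)

QUOTED = (1_000_000, 1_000_000)   # reserves when the order was quoted
MOVED = (1_250_000, 800_000)      # reserves at execution, ratio has shifted

if __name__ == "__main__":
    tight = min_with_tolerance(10_000, 50)
    print(run_case(1, 1, MOVED), run_case(tight, tight, MOVED))
```

With minimums of 1 the call itself accepts the shifted ratio and the shortfall only surfaces if the final output is compared against a minimum; with tolerance-derived minimums the addLiquidity step reverts on its own.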