amountAMin and amountBMin set to 1

[code423n4]

Lines of code

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L246-L255 https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L246-L255

Vulnerability details

in the function _swapAndAddLiquidity() it makes a call addLiquidity() with amountAMin and amountBMin hard coded to 1

recommend specifying a proper amountAMin and amountBMin rather than 1

[obatirou]

amountAMin and amountBMin set to 1 (disputed)

We are checking the slippage at the end of the order. And not every operations. See deposit function

[jack-the-pug]

slippage control is done at: https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L64