code-423n4 / 2023-05-juicebox-findings


Transaction revert due 0 slippage #136

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-juicebox/blob/9d0458282511ff269b3b35b5b082b56d5cc08663/juice-buyback/contracts/JBXBuybackDelegate.sol#L197

Vulnerability details

Impact

The didPay function can revert in case of an unintentional 0 slippage.

Proof of Concept

In case the person in charge sets a wrong slippage in the JBDidPayData struct, the division (_quote * _slippage / SLIPPAGE_DENOMINATOR) can round to 0 and set a _slippage of 0, which can fail due to the volatility.

uint256 _minimumReceivedFromSwap = _quote - (_quote * _slippage / SLIPPAGE_DENOMINATOR);

https://github.com/code-423n4/2023-05-juicebox/blob/9d0458282511ff269b3b35b5b082b56d5cc08663/juice-buyback/contracts/JBXBuybackDelegate.sol#L197

Tools Used

manual

Recommended Mitigation Steps

Make a new memory variable and check for 0 slippage:

uint256 amountToSubstract = (_quote * _slippage / SLIPPAGE_DENOMINATOR);
// Revert when the slippage deduction rounds down to zero
if (amountToSubstract == 0) {
    revert CUSTOM_ERROR();
}
uint256 _minimumReceivedFromSwap = _quote - amountToSubstract;

Assessed type

Other
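The rounding condition in the report above, as an added example that is not part of the original submission or the Juicebox code base: a Python model of the expression using truncating integer division, showing for which quotes the deduction becomes 0. The value 10_000 for SLIPPAGE_DENOMINATOR and all function names are assumptions; the page does not state them.

```python
"""Model of `_quote - (_quote * _slippage / SLIPPAGE_DENOMINATOR)` on unsigned integers."""
from typing import Optional

SLIPPAGE_DENOMINATOR = 10_000  # assumed (basis points); the page does not give the value


def minimum_received(quote: int, slippage: int,
                     denom: int = SLIPPAGE_DENOMINATOR) -> int:
    """Minimum accepted from the swap, with Solidity-style truncating division."""
    if quote < 0 or slippage < 0 or denom <= 0:
        raise ValueError("inputs must be unsigned and the denominator positive")
    deduction = quote * slippage // denom  # `//` truncates like `/` on uint256
    if deduction > quote:
        # slippage > denom: the unsigned subtraction cannot be represented
        raise OverflowError("deduction exceeds quote")
    return quote - deduction


def zero_deduction_threshold(slippage: int,
                             denom: int = SLIPPAGE_DENOMINATOR) -> Optional[int]:
    """Smallest quote whose deduction is non-zero (None when slippage is 0).

    deduction >= 1  <=>  quote * slippage >= denom  <=>  quote >= ceil(denom / slippage)
    """
    if slippage < 0 or denom <= 0:
        raise ValueError("inputs must be unsigned and the denominator positive")
    if slippage == 0:
        return None  # every quote yields a zero deduction
    return -(-denom // slippage)  # ceiling division on integers


def deduction_is_zero(quote: int, slippage: int,
                      denom: int = SLIPPAGE_DENOMINATOR) -> bool:
    """True when the swap would be required to return the full quote."""
    return minimum_received(quote, slippage, denom) == quote


if __name__ == "__main__":
    # Constructed sample inputs: (quote in smallest token units, slippage)
    samples = [(199, 50), (200, 50), (10**18, 50), (10**18, 0), (9_999, 1)]
    for quote, slippage in samples:
        print(f"quote={quote} slippage={slippage} "
              f"min={minimum_received(quote, slippage)} "
              f"zero_deduction={deduction_is_zero(quote, slippage)} "
              f"threshold={zero_deduction_threshold(slippage)}")
```

Under the assumed denominator, a non-zero slippage only rounds to a zero deduction for quotes below `ceil(10_000 / slippage)` smallest units; an explicit slippage of 0 yields a zero deduction for every quote.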

dmvt commented 1 year ago

mitigation has the same result as the fix

c4-pre-sort commented 1 year ago

dmvt marked the issue as low quality report

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Insufficient quality