code-423n4 / 2023-05-maia-findings

Potential Loss of Funds Due to Zero Slippage Hardcoding in TalosBaseStrategy#deposit #907

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/talos/base/TalosBaseStrategy.sol#L206-L207

Vulnerability details

Impact

In the deposit function within the TalosBaseStrategy contract, the slippage for both tokens (amount0Min and amount1Min) is hardcoded to zero. This can have severe implications as users may unintentionally accept a minimum of zero output tokens from a swap.

Proof of Concept

https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/talos/base/TalosBaseStrategy.sol#L206-L207

As seen here, the hardcoding of zero slippage could potentially result in significant losses for users due to receiving no output tokens from the swap.

Tools Used

Manual Review

Recommended Mitigation Steps

It is advised to enable users to specify their preferred slippage. This will provide users with greater control, reducing the risk of unexpected losses due to accepting swaps with no output tokens.

Assessed type

Other
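
The pattern described in the report above next to the recommended mitigation, as an added example that is not part of the original report and not code from the Maia repository. `IPositionManagerLike`, `DepositSlippageExample`, `depositNoBounds` and `SlippageExceeded` are hypothetical names; only `amount0Min` and `amount1Min` come from the report, and token transfers and share accounting are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not code from the Maia repository. IPositionManagerLike
// is a hypothetical stand-in for the venue that receives the deposit.
interface IPositionManagerLike {
    // Assumed to revert when it would consume less than amount0Min / amount1Min.
    function increaseLiquidity(
        uint256 amount0Desired,
        uint256 amount1Desired,
        uint256 amount0Min,
        uint256 amount1Min
    ) external returns (uint256 amount0, uint256 amount1);
}

contract DepositSlippageExample {
    IPositionManagerLike public immutable manager;

    error SlippageExceeded(uint256 amount0, uint256 amount1);

    constructor(IPositionManagerLike manager_) {
        manager = manager_;
    }

    // Pattern the report describes: both minimums fixed at zero, so any
    // execution price is accepted on the depositor's behalf.
    function depositNoBounds(uint256 amount0Desired, uint256 amount1Desired)
        external
        returns (uint256 amount0, uint256 amount1)
    {
        (amount0, amount1) = manager.increaseLiquidity(amount0Desired, amount1Desired, 0, 0);
    }

    // Recommended shape: the depositor supplies the minimums. They must be
    // computed off-chain from the price the depositor expects; deriving them
    // on-chain from the pool's current state would track a moved price.
    function deposit(
        uint256 amount0Desired,
        uint256 amount1Desired,
        uint256 amount0Min,
        uint256 amount1Min
    ) external returns (uint256 amount0, uint256 amount1) {
        (amount0, amount1) =
            manager.increaseLiquidity(amount0Desired, amount1Desired, amount0Min, amount1Min);
        // Re-check locally so the bound holds even if the venue ignores it.
        if (amount0 < amount0Min || amount1 < amount1Min) revert SlippageExceeded(amount0, amount1);
    }
}
```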

c4-judge commented 1 year ago

trust1995 marked the issue as duplicate of #828

c4-judge commented 1 year ago

trust1995 marked the issue as satisfactory

c4-judge commented 1 year ago

trust1995 marked the issue as duplicate of #177

c4-judge commented 1 year ago

trust1995 changed the severity to 3 (High Risk)

c4-judge commented 1 year ago

trust1995 changed the severity to 2 (Med Risk)