code-423n4 / 2023-08-dopex-findings


Swap Slippage Check Missing Location: reLP function #2185

Closed code423n4 closed 11 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/reLP/ReLPContract.sol#L277

Vulnerability details

Impact

If the swap doesn't meet the slippage tolerance, the function will still continue executing. This could lead to the contract holding less tokenA than expected, which could affect the subsequent addLiquidity call and the final balances of the AMO and rdpxV2Core.

Proof of Concept

Exploit Scenario: If the swap doesn't meet the slippage tolerance, the function will still continue executing, potentially leading to the contract holding less tokenA than expected.

Tools Used

Foundry

Recommended Mitigation Steps

Add a require statement after the swap to check if the amount of tokenA received is greater than or equal to the minimum amount expected. This will immediately revert the transaction if the swap didn't meet the slippage tolerance, preventing the function from continuing with less tokenA than expected.

require(tokenAAmountOut >= mintokenAAmount, "reLPContract: swap amount less than expected");

Assessed type

Invalid Validation

c4-pre-sort commented 12 months ago

bytes032 marked the issue as low quality report

bytes032 commented 12 months ago

That happens @ uni level
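What a check "at uni level" looks like, as an added example that is not Dopex or Uniswap code. It assumes the swap goes through a Uniswap V2-style router that takes a minimum-output argument; `MockRouter`, `Caller`, the reserve values and the revert strings are hypothetical, and token transfers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for a Uniswap V2-style router. Only reserve
// accounting and the minimum-output check are modelled.
contract MockRouter {
    uint256 public reserveIn = 1000 ether;  // constructed sample reserves
    uint256 public reserveOut = 1000 ether;

    // Constant-product quote with a 0.3% fee.
    function getAmountOut(uint256 amountIn) public view returns (uint256) {
        uint256 inWithFee = amountIn * 997;
        return (inWithFee * reserveOut) / (reserveIn * 1000 + inWithFee);
    }

    function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin)
        external
        returns (uint256 amountOut)
    {
        amountOut = getAmountOut(amountIn);
        // Slippage is enforced here: a short output reverts the whole call.
        require(amountOut >= amountOutMin, "MockRouter: INSUFFICIENT_OUTPUT_AMOUNT");
        reserveIn += amountIn;
        reserveOut -= amountOut;
    }
}

// Hypothetical caller shaped like the swap step the report describes.
contract Caller {
    MockRouter public router = new MockRouter();

    function swapChecked(uint256 amountIn, uint256 minOut) public returns (uint256 out) {
        out = router.swapExactTokensForTokens(amountIn, minOut);
        // The check proposed in the report. Reaching this line means the
        // router did not revert, so out >= minOut already holds.
        require(out >= minOut, "swap amount less than expected");
    }

    // Returns true when an unattainable minimum makes the router revert,
    // i.e. no code after the swap call ever runs with a short amount.
    function revertsOnSlippage(uint256 amountIn) external returns (bool) {
        uint256 quote = router.getAmountOut(amountIn);
        try this.swapChecked(amountIn, quote + 1) {
            return false;
        } catch Error(string memory reason) {
            return keccak256(bytes(reason)) == keccak256("MockRouter: INSUFFICIENT_OUTPUT_AMOUNT");
        }
    }
}
```

The guarantee only covers the minimum the caller passes in; a minimum of zero disables it regardless of where the check lives.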

c4-judge commented 11 months ago

GalloDaSballo marked the issue as unsatisfactory: Invalid