code-423n4 / 2023-08-dopex-findings


Calculating slippage from price oracle is not accurate #2203

Closed (code423n4 closed this issue 11 months ago)

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L544-L549

Vulnerability details

Impact

Calculating slippage using oracle prices will lead to inaccurate slippage values; due to this, swaps will fail or execute with higher slippage.

Proof of Concept

In the _curveSwap function of the RdpxV2Core contract, slippage is being calculated using oracle prices. But oracles like Chainlink don't reflect the prices of AMMs like Curve or Uniswap immediately. There will be some delay.

So oracle prices will always deviate a bit from on-chain AMM exchange rates, so executing swaps with on-chain-calculated slippage will sometimes lead to higher slippage and loss of funds.

The sponsor also mentioned this: "we will be running our own oracles to start with but we are working with chainlink to get pricefeeds and will shift to that once its done."

So the chance of prices deviating from the actual AMM exchange rates is higher in this case.

Tools Used

Recommended Mitigation Steps

Slippage calculated off-chain should always be used instead of calculating it on-chain.

Assessed type

Oracle
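
Added example (not part of the report or of the Dopex code base): a Python simulation of the pattern the report describes, namely a minimum-output bound derived on-chain from an oracle price and checked against what the pool actually returns. The pool is a constant-product x*y=k model standing in for the Curve pool; the reserves, fee, trade sizes, oracle prices and the `oracle_min_out` formula are constructed assumptions, not the project's code. It shows the two outcomes discussed in the thread: when the oracle price sits above the pool's price the bound is too tight and the swap reverts, and when the oracle price sits below it the bound is too loose and a swap whose slippage exceeds the tolerance goes through.

```python
from dataclasses import dataclass

WAD = 10**18   # 18-decimal fixed point, Solidity style
BPS = 10_000   # basis points


@dataclass
class ConstantProductPool:
    """Constructed stand-in for the Curve pool: x*y=k with a flat fee."""
    reserve_in: int
    reserve_out: int
    fee_bps: int = 4  # 0.04%, illustrative

    def spot_price_wad(self) -> int:
        """Marginal price of token_in quoted in token_out, 18-decimal."""
        return self.reserve_out * WAD // self.reserve_in

    def get_amount_out(self, amount_in: int) -> int:
        """Output of a swap including fee and price impact (integer math)."""
        in_after_fee = amount_in * (BPS - self.fee_bps) // BPS
        return self.reserve_out * in_after_fee // (self.reserve_in + in_after_fee)


def oracle_min_out(amount_in: int, oracle_price_wad: int, slippage_bps: int) -> int:
    """Hypothetical on-chain bound: expected output at the oracle price, minus a tolerance."""
    expected = amount_in * oracle_price_wad // WAD
    return expected * (BPS - slippage_bps) // BPS


@dataclass
class SwapResult:
    reverted: bool
    min_out: int
    amount_out: int
    slippage_vs_spot_bps: int  # loss relative to the pool's own pre-trade spot price


def swap_with_oracle_guard(pool: ConstantProductPool, amount_in: int,
                           oracle_price_wad: int, slippage_bps: int) -> SwapResult:
    """Run the swap as a guarded contract would: revert if the pool pays less than min_out."""
    min_out = oracle_min_out(amount_in, oracle_price_wad, slippage_bps)
    amount_out = pool.get_amount_out(amount_in)
    expected_at_spot = amount_in * pool.spot_price_wad() // WAD
    slip = (expected_at_spot - amount_out) * BPS // expected_at_spot
    return SwapResult(amount_out < min_out, min_out, amount_out, slip)


def fresh_pool() -> ConstantProductPool:
    # Constructed reserves: 1:1 price, 1M tokens a side.
    return ConstantProductPool(1_000_000 * WAD, 1_000_000 * WAD)


TOLERANCE_BPS = 100  # 1% slippage tolerance, assumed


def scenario_oracle_matches_pool() -> SwapResult:
    """Oracle at 1.00, pool spot 1.00: small trade passes with slippage under tolerance."""
    return swap_with_oracle_guard(fresh_pool(), 1_000 * WAD, 1 * WAD, TOLERANCE_BPS)


def scenario_oracle_stale_high() -> SwapResult:
    """Oracle still says 1.02 after the pool moved to 1.00: bound too tight, swap reverts."""
    return swap_with_oracle_guard(fresh_pool(), 1_000 * WAD, 102 * WAD // 100, TOLERANCE_BPS)


def scenario_oracle_stale_low() -> SwapResult:
    """Oracle still says 0.97 while the pool is at 1.00: a trade with ~2.9% impact
    clears a bound that an accurate oracle would have rejected."""
    return swap_with_oracle_guard(fresh_pool(), 30_000 * WAD, 97 * WAD // 100, TOLERANCE_BPS)


def scenario_same_trade_accurate_oracle() -> SwapResult:
    """Same 30k trade with an accurate oracle: the guard reverts it, as intended."""
    return swap_with_oracle_guard(fresh_pool(), 30_000 * WAD, 1 * WAD, TOLERANCE_BPS)


if __name__ == "__main__":
    for name, fn in [("oracle == pool", scenario_oracle_matches_pool),
                     ("oracle stale high", scenario_oracle_stale_high),
                     ("oracle stale low", scenario_oracle_stale_low),
                     ("accurate oracle, same trade", scenario_same_trade_accurate_oracle)]:
        r = fn()
        print(f"{name:28s} reverted={r.reverted} min_out={r.min_out // WAD} "
              f"out={r.amount_out // WAD} slippage_vs_spot={r.slippage_vs_spot_bps} bps")
```

The stale-high case is the revert the judge refers to: the oracle bound refuses to accept a pool price it considers too low. The stale-low case is the loss the report warns about: because the bound is anchored to the oracle rather than to the pool, a trade with nearly three times the configured tolerance is accepted, whereas the same trade reverts once the oracle agrees with the pool.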

bytes032 commented 11 months ago

Overinflated severity

c4-pre-sort commented 11 months ago

bytes032 marked the issue as low quality report

c4-judge commented 11 months ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 11 months ago

The entire point of the oracle is to protect against attacks; reverting is intended.