Lines of code
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/PositionManager/OptionsPositionManager.sol#L477
Vulnerability details
Impact
In OptionsPositionManager.sol, swapExactTokensForTokens() is called with a hardcoded slippage of 1%, and this call is used in the withdrawOptionAssets() and swapTokens() functions.
There are two issues. First, the user can end up giving away the full 1% unconditionally, whatever the market situation, because there may not be enough tokens available. Second, a user who knows that conditions are bad or that there are not enough tokens available, and who is willing to run the exchange with a bigger slippage, cannot do so because there is no means to control it, so the functionality ends up unavailable.
Proof of Concept
https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/PositionManager/OptionsPositionManager.sol#L477
Tools Used
Manual Review
Recommended Mitigation Steps
Consider adding a function argument with a default value of 1%, so the slippage can be tuned when needed.
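One way to apply this mitigation, as an added example that is not GoodEntry's code: Solidity has no default argument values, so the 1% default becomes an overload that forwards to a version taking the tolerance in basis points. The contract name, the oracle interface and the 10% ceiling are assumptions made for illustration; only the Uniswap V2-style swapExactTokensForTokens signature and the ERC-20 functions are real.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: all names are hypothetical except the router and ERC-20 functions.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}
interface IRouter {
    function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin,
        address[] calldata path, address to, uint256 deadline) external returns (uint256[] memory);
}
interface IQuoteOracle { // hypothetical oracle: expected tokenOut amount for amountIn of tokenIn
    function quote(address tokenIn, uint256 amountIn, address tokenOut) external view returns (uint256);
}

contract SlippageAwareSwapper {
    uint256 public constant BPS = 10_000;
    uint256 public constant DEFAULT_SLIPPAGE_BPS = 100; // 1%, the value the report calls hardcoded
    uint256 public constant MAX_SLIPPAGE_BPS = 1_000;   // assumed 10% ceiling, not from the report
    IRouter public immutable router;
    IQuoteOracle public immutable oracle;
    error SlippageTooHigh(uint256 requested, uint256 maxAllowed);

    constructor(IRouter router_, IQuoteOracle oracle_) { router = router_; oracle = oracle_; }

    // Default path: same 1% tolerance as before, for callers that do not need to tune it.
    function swap(address tokenIn, uint256 amountIn, address tokenOut) external returns (uint256) {
        return _swap(tokenIn, amountIn, tokenOut, DEFAULT_SLIPPAGE_BPS);
    }

    // Tunable path: tighter tolerance in calm markets, wider when liquidity is thin.
    function swap(address tokenIn, uint256 amountIn, address tokenOut, uint256 slippageBps) external returns (uint256) {
        if (slippageBps > MAX_SLIPPAGE_BPS) revert SlippageTooHigh(slippageBps, MAX_SLIPPAGE_BPS);
        return _swap(tokenIn, amountIn, tokenOut, slippageBps);
    }

    function _swap(address tokenIn, uint256 amountIn, address tokenOut, uint256 slippageBps) internal returns (uint256) {
        address[] memory path = new address[](2);
        (path[0], path[1]) = (tokenIn, tokenOut);
        // Minimum acceptable output = oracle quote reduced by the chosen tolerance.
        uint256 minOut = oracle.quote(tokenIn, amountIn, tokenOut) * (BPS - slippageBps) / BPS;
        // Assumes tokens that return bool; non-standard tokens need a safe-transfer wrapper.
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(IERC20(tokenIn).approve(address(router), amountIn), "approve failed");
        uint256[] memory amounts =
            router.swapExactTokensForTokens(amountIn, minOut, path, msg.sender, block.timestamp);
        return amounts[amounts.length - 1]; // amount of tokenOut sent to the caller
    }
}
```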
Assessed type
Other