code-423n4 / 2023-11-shellprotocol-findings

Slippage Handling #322

Closed c4-bot-3 closed 8 months ago

c4-bot-3 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/Curve2PoolAdapter.sol#L142

Vulnerability details

Impact

The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool.

Proof of Concept

The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool.

Tools Used

Recommended Mitigation Steps

Resolution: Implement a more flexible slippage protection mechanism that allows for a certain percentage of slippage, or provide users with the option to set their own slippage tolerance.

Source: if (uint256(minimumOutputAmount) > outputAmount) revert SLIPPAGE_LIMIT_EXCEEDED();

Solution: Allow a slippage tolerance parameter that specifies the maximum allowable slippage percentage.

Assessed type

DoS
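
Added example (not part of the original report or the Shell Protocol code): a JavaScript model of the comparison quoted under Source, showing how a percentage tolerance can be expressed as the absolute floor that comparison takes. It assumes minimumOutputAmount is supplied by the caller as a bytes32 word; minimumOutputFor, toBytes32 and checkSlippage are hypothetical names, and all amounts are constructed.

```javascript
// Models the check quoted in the report:
//   if (uint256(minimumOutputAmount) > outputAmount) revert SLIPPAGE_LIMIT_EXCEEDED();
// Assumption: minimumOutputAmount is a caller-supplied bytes32 value.
const BPS_DENOMINATOR = 10_000n;

// Hypothetical client-side helper: convert a quoted output and a tolerance in
// basis points into the absolute floor passed as minimumOutputAmount.
function minimumOutputFor(quotedOutput, toleranceBps) {
  if (typeof quotedOutput !== "bigint" || quotedOutput < 0n) {
    throw new RangeError("quotedOutput must be a non-negative BigInt");
  }
  if (typeof toleranceBps !== "bigint" || toleranceBps < 0n || toleranceBps > BPS_DENOMINATOR) {
    throw new RangeError("toleranceBps must be a BigInt in 0..10000");
  }
  // Round up so integer truncation never loosens the bound the user asked for.
  const numerator = quotedOutput * (BPS_DENOMINATOR - toleranceBps);
  return (numerator + BPS_DENOMINATOR - 1n) / BPS_DENOMINATOR;
}

// Encode the floor as a 32-byte hex word (bytes32).
function toBytes32(value) {
  if (value < 0n || value >= 1n << 256n) throw new RangeError("does not fit in uint256");
  return "0x" + value.toString(16).padStart(64, "0");
}

// Model of the on-chain comparison: returns the output, or throws where the
// contract would revert.
function checkSlippage(minimumOutputAmountBytes32, outputAmount) {
  if (BigInt(minimumOutputAmountBytes32) > outputAmount) {
    throw new Error("SLIPPAGE_LIMIT_EXCEEDED");
  }
  return outputAmount;
}

// Constructed sample: quote of 1,000,000 units with a 50 bps (0.5%) tolerance.
function demo() {
  const floor = minimumOutputFor(1_000_000n, 50n);
  const word = toBytes32(floor);
  const results = [1_000_000n, 995_000n, 994_999n].map((actual) => {
    try { checkSlippage(word, actual); return "ok"; }
    catch (e) { return e.message; }
  });
  return { floor, word, results };
}
```

With a tolerance of 0 bps the floor equals the quote, so any adverse price movement trips the check; a non-zero tolerance lowers the floor by that percentage.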

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #301

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid
