code-423n4 / 2024-01-decent-findings


hardcoded slippage can freeze users' funds during market turbulence. #714

Closed c4-bot-2 closed 8 months ago

c4-bot-2 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/swappers/UniSwapper.sol#L123-L141

Vulnerability details

Impact

hardcoded slippage can freeze users' funds during market turbulence.

If you look at the function swapExactIn in UniSwapper.sol, you will see the slippage is hard coded for the amount in, which is unacceptable at all; token prices may go down.

The function swapExactIn did it like this: swapExactIn

If Luna/UST things happen again, users' funds may get locked.

As the Uniswap docs clearly state, this is very dangerous. Docs: "amountOutMinimum: we are setting to zero, but this is a significant risk in production. For a real deployment, this value should be calculated using our SDK or an onchain price oracle - this helps protect against getting an unusually bad price for a trade due to a front running sandwich or another type of price manipulation."

https://docs.uniswap.org/contracts/v3/guides/swaps/single-swaps#swap-input-parameters

The amount of amountOutMinimum should only be taken from an oracle or the Uniswap SDK, like all projects do and as Uniswap says in its docs; otherwise there is a problem.

Proof of Concept


function swapExactIn(
    SwapParams memory swapParams, // SwapParams is a struct
    address receiver
) public payable routerIsSet returns (uint256 amountOut) {
    swapParams = _receiveAndWrapIfNeeded(swapParams);

    IV3SwapRouter.ExactInputParams memory params = IV3SwapRouter
        .ExactInputParams({
            path: swapParams.path,
            recipient: address(this),
            amountIn: swapParams.amountIn,
            amountOutMinimum: swapParams.amountOut
        });

    IERC20(swapParams.tokenIn).approve(uniswap_router, swapParams.amountIn);
    amountOut = IV3SwapRouter(uniswap_router).exactInput(params);

    _sendToRecipient(receiver, swapParams.tokenOut, amountOut);
}

Tools Used

VS Code

Recommended Mitigation Steps

Assessed type

Uniswap
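An added example, not code from the Decent repository or from the report above, showing the mitigation the report points to: deriving amountOutMinimum from an on-chain price oracle with a bounded slippage tolerance, taking the stricter of that floor and the caller's own floor, and refusing a zero floor, a stale price or an expired transaction. The IERC20, IV3SwapRouter and IPriceFeed interfaces are assumed minimal subsets, the OracleGuardedSwapper contract and its constants are invented for illustration, and the feed is assumed to quote 1 tokenIn in units of tokenOut.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code). Assumed minimal interface subsets.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IV3SwapRouter {
    struct ExactInputParams {
        bytes path;
        address recipient;
        uint256 amountIn;
        uint256 amountOutMinimum;
    }
    function exactInput(ExactInputParams calldata params) external payable returns (uint256 amountOut);
}

// Assumed Chainlink-style feed: price of 1 tokenIn expressed in tokenOut, with decimals() decimals.
interface IPriceFeed {
    function latestRoundData()
        external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
    function decimals() external view returns (uint8);
}

contract OracleGuardedSwapper {
    uint256 public constant BPS = 10_000;
    uint256 public constant MAX_SLIPPAGE_BPS = 300;  // callers may not loosen the floor beyond 3% (assumed bound)
    uint256 public constant MAX_FEED_AGE = 1 hours;  // reject oracle answers older than this (assumed bound)

    address public immutable router;
    IPriceFeed public immutable feed;
    uint8 public immutable inDecimals;
    uint8 public immutable outDecimals;

    constructor(address _router, IPriceFeed _feed, uint8 _inDecimals, uint8 _outDecimals) {
        router = _router;
        feed = _feed;
        inDecimals = _inDecimals;
        outDecimals = _outDecimals;
    }

    /// Oracle-derived floor for the swap output: the expected output less `slippageBps`.
    function minAmountOut(uint256 amountIn, uint256 slippageBps) public view returns (uint256) {
        require(slippageBps <= MAX_SLIPPAGE_BPS, "slippage tolerance too high");
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "invalid oracle price");
        require(block.timestamp - updatedAt <= MAX_FEED_AGE, "stale oracle price");
        // expected = amountIn * price, rescaled from (inDecimals + feedDecimals) to outDecimals;
        // multiply before dividing to keep precision.
        uint256 expected = (amountIn * uint256(answer) * (10 ** uint256(outDecimals)))
            / (10 ** (uint256(inDecimals) + uint256(feed.decimals())));
        return (expected * (BPS - slippageBps)) / BPS;
    }

    /// Swap `amountIn` of `tokenIn` along `path`, never accepting less than the
    /// stricter of the caller's own floor and the oracle-derived floor.
    function swapExactIn(
        address tokenIn,
        bytes calldata path,
        uint256 amountIn,
        uint256 callerMinOut,
        uint256 slippageBps,
        address receiver,
        uint256 deadline
    ) external returns (uint256 amountOut) {
        require(block.timestamp <= deadline, "transaction expired");
        uint256 floor = minAmountOut(amountIn, slippageBps);
        if (callerMinOut > floor) floor = callerMinOut;  // caller may only tighten, never loosen
        require(floor > 0, "amountOutMinimum must not be zero");

        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(IERC20(tokenIn).approve(router, amountIn), "approve failed");

        amountOut = IV3SwapRouter(router).exactInput(
            IV3SwapRouter.ExactInputParams({
                path: path,
                recipient: receiver,     // deliver straight to the receiver
                amountIn: amountIn,
                amountOutMinimum: floor  // the router reverts if the pool pays less than this
            })
        );
    }
}
```

The design point is that the floor passed to the router is never something a single party can set to zero: the caller supplies a tolerance that is capped by the contract, the oracle supplies the reference price, and the final amountOutMinimum is the larger of the caller's explicit floor and the oracle-derived one. The staleness and positive-answer checks keep a broken or lagging feed from silently turning into an accept-anything floor during exactly the kind of volatile market the report worries about.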

c4-pre-sort commented 8 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #62

c4-judge commented 8 months ago

alex-ppg marked the issue as unsatisfactory: Invalid