Open c4-bot-3 opened 8 months ago
Downgrade to Medium as there is no direct fund loss.
hansfriese changed the severity to 2 (Med Risk)
hansfriese marked the issue as primary issue
fez-init (sponsor) confirmed
hansfriese marked the issue as satisfactory
hansfriese marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-01-init-capital-invitational/blob/a01c4de620be98f9e57a60cf6a82d4feaec54f58/contracts/hook/MarginTradingHook.sol#L422
Vulnerability details
Impact
The SwapType.CloseExactOut balance check is too strict and can be DoSed
Proof of Concept
In CoreCallback function, we have the logic below
note the logic
this check
is too strict, a malicious user can DoS the swap by simply performing a tiny swap, front-running the swap to change the token ratio in the LP pool.
For example, the swapInfo.amtOut is 1000 USDC, and swapInfo.tokenOut is USDC.
It is difficult to get exactly 1000 USDC;
any swap that executes before the swap can make the received USDC amount 1000.1 USDC or 999. USDC.
Then the swap transaction reverts.
Tools Used
Manual review
Recommended Mitigation Steps
do not use ==, use >=
Assessed type
DoS
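The following is an added example, not code from the report or from the audited repository. It compares the equality check with the recommended `>=` comparison when a small third-party trade lands between quote and execution. Assumptions: a constructed fee-less constant-product WETH/USDC pool with integer math, an input amount fixed from a quote taken before the other trade, and hypothetical names throughout (`Pool`, `strict_check`, `min_check`, `close_position`).

```python
# Added illustration (not code from the audited repository). Constructed model:
# fee-less constant-product pool, integer math, WETH (18 dec) -> USDC (6 dec).
USDC, WETH = 10**6, 10**18
AMT_OUT = 1_000 * USDC  # swapInfo.amtOut from the report's example

class Pool:
    def __init__(self, weth, usdc):
        self.weth, self.usdc = weth, usdc

    def quote_weth_in(self, usdc_out):
        # Smallest WETH input that yields at least usdc_out at current reserves.
        return self.weth * usdc_out // (self.usdc - usdc_out) + 1

    def sell_weth(self, weth_in):
        usdc_out = weth_in * self.usdc // (self.weth + weth_in)
        self.weth += weth_in
        self.usdc -= usdc_out
        return usdc_out

    def sell_usdc(self, usdc_in):
        weth_out = usdc_in * self.weth // (self.usdc + usdc_in)
        self.usdc += usdc_in
        self.weth -= weth_out
        return weth_out

def strict_check(received, amt_out):
    return received == amt_out  # the equality the report calls too strict

def min_check(received, amt_out):
    return received >= amt_out  # the comparison the report recommends

def close_position(prior_trade=None):
    # Quote first, let an optional third-party trade land, then execute.
    pool = Pool(1_000 * WETH, 2_000_000 * USDC)  # constructed reserves
    weth_in = pool.quote_weth_in(AMT_OUT)  # quoted against pre-trade reserves
    if prior_trade:
        prior_trade(pool)
    received = pool.sell_weth(weth_in)
    return received, strict_check(received, AMT_OUT), min_check(received, AMT_OUT)

def scenarios():
    return {
        "no prior trade": close_position(),
        "prior trade, same direction": close_position(lambda p: p.sell_weth(WETH // 1000)),
        "prior trade, opposite direction": close_position(lambda p: p.sell_usdc(2 * USDC)),
    }

if __name__ == "__main__":
    for name, (received, strict_ok, min_ok) in scenarios().items():
        print(f"{name:32} received={received / USDC:.6f} strict={strict_ok} min={min_ok}")
```

In this model a prior trade of about 2 USDC in either direction makes the equality check fail. The `>=` check accepts the surplus case and still rejects the shortfall case, where the position receives less than `amtOut`.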