search

code-423n4 / 2024-01-salty-findings

11 stars 6 forks source link

zero slippage swap #899

Closed c4-bot-7 closed 7 months ago

c4-bot-7 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/Upkeep.sol#L132-L133

Vulnerability details

Impact

Upkeep._formPOL() calls pools.depositSwapWithdraw with no allowance for slippage. If the zero slippage requirement is not met then the function will revert .This could be caused in a situation where the liquidity pool exists but does not allow for zero slippage with the assets it is holding.

Proof of Concept

uint256 amountA = pools.depositSwapWithdraw( weth, tokenA, wethAmountPerToken, 0, block.timestamp );
uint256 amountB = pools.depositSwapWithdraw( weth, tokenB, wethAmountPerToken, 0, block.timestamp );

Tools Used

Manual

Recommended Mitigation Steps

add an input parameter to the function to handle a slippage allowance.

Assessed type

Other

c4-judge commented 7 months ago

Picodes marked the issue as duplicate of #224

c4-judge commented 6 months ago

Picodes marked the issue as satisfactory