Open c4-bot-10 opened 3 months ago
0xRobocop marked the issue as duplicate of #250
0xRobocop marked the issue as duplicate of #156
3docSec marked the issue as satisfactory
Does not cover the _redeem flow
3docSec marked the issue as partial-50
3docSec changed the severity to QA (Quality Assurance)
3docSec marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L254-L276
Vulnerability details
Impact
When minting rOUSG, there is no way for the user to set a preferred minimum amount (i.e., slippage protection).
Proof of Concept
This may be a problem as the price may vary, which will result in a different number of shares minted to the user than intended.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement slippage protection set by the user upon calling the function.
Assessed type
Oracle
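
A minimal sketch of the mitigation recommended in the report above, added here as an illustration; it is not code from the report or from the Ondo contracts. The contract, both interfaces, the `mint(depositAmount, minSharesOut)` signature and the 1e18 price scaling are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Hypothetical interfaces for this example (assumptions, not Ondo's own).
interface IERC20Min {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IPriceOracle {
    // Price of one share in deposit-token units, scaled by 1e18.
    function getPrice() external view returns (uint256);
}

// Illustrative minter, not the audited contract.
contract SlippageGuardedMinter {
    IERC20Min public immutable depositToken;
    IPriceOracle public immutable oracle;
    mapping(address => uint256) public sharesOf;

    error ZeroPrice();
    error InsufficientSharesOut(uint256 sharesOut, uint256 minSharesOut);

    constructor(IERC20Min _depositToken, IPriceOracle _oracle) {
        depositToken = _depositToken;
        oracle = _oracle;
    }

    // Shares that `depositAmount` buys at the current oracle price.
    function previewMint(uint256 depositAmount) public view returns (uint256) {
        uint256 price = oracle.getPrice();
        if (price == 0) revert ZeroPrice();
        return (depositAmount * 1e18) / price;
    }

    // The caller states the lowest share amount they will accept. If the
    // oracle price moved between signing and execution so that fewer shares
    // would be minted, the whole transaction reverts and no funds move.
    function mint(uint256 depositAmount, uint256 minSharesOut) external returns (uint256 sharesOut) {
        sharesOut = previewMint(depositAmount);
        if (sharesOut < minSharesOut) {
            revert InsufficientSharesOut(sharesOut, minSharesOut);
        }
        require(depositToken.transferFrom(msg.sender, address(this), depositAmount), "transfer failed");
        sharesOf[msg.sender] += sharesOut;
    }
}
```

A client would call `previewMint` off-chain, apply its own tolerance to the result, and pass that value as `minSharesOut`.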