Open c4-bot-10 opened 6 months ago
0xRobocop marked the issue as duplicate of #250
0xRobocop marked the issue as duplicate of #156
3docSec marked the issue as satisfactory
3docSec changed the severity to QA (Quality Assurance)
3docSec marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L49
Vulnerability details
The absence of a minimum amount parameter for slippage in the ousgInstantManager.sol contract poses a risk of token loss to users in case of price fluctuations prior to transaction execution.
Impact
Functions within ousgInstantManager.sol lack a crucial parameter, minAmount, during minting or redemption processes. This parameter is pivotal in mitigating slippage risks caused by adverse price movements. The oversight increases the vulnerability of users to potential token loss.
Proof of Concept
No minimum amount parameter in the following functions 👇
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L230
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L335
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L254
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L362
Tools Used
Recommended Mitigation Steps
It is recommended to add a minAmount parameter in all of the functions.
Assessed type
Other
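The kind of check the report recommends, as an added example that is not part of the original report and is not Ondo's code: a simplified, hypothetical manager whose mint and redeem take a caller-supplied minimum output and revert when the price at execution time yields less. The contract name, the IPriceSource interface, the internal balance mappings, the fund helper and the 18-decimal scaling are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Hypothetical price source (assumption): USD price per token, 18 decimals.
interface IPriceSource {
    function getPrice() external view returns (uint256);
}

// Hypothetical, simplified manager. Balances are tracked internally as
// stand-ins for real ERC-20 transfers so the slippage check stays in focus.
contract SlippageGuardedManager {
    IPriceSource public immutable priceSource;
    mapping(address => uint256) public depositBalance; // stand-in for the deposit asset
    mapping(address => uint256) public tokenBalance;   // stand-in for the minted token

    error OutputBelowMinimum(uint256 amountOut, uint256 minAmountOut);

    constructor(IPriceSource _priceSource) {
        priceSource = _priceSource;
    }

    // Test helper (assumption): credits the caller with deposit-asset units.
    function fund(uint256 amount) external {
        depositBalance[msg.sender] += amount;
    }

    // The caller computes minTokensOut off-chain from the price they saw,
    // minus their tolerance. The price read here is the one in effect when
    // the transaction executes, which may differ from the quoted one.
    function mint(uint256 depositAmount, uint256 minTokensOut) external returns (uint256 tokensOut) {
        depositBalance[msg.sender] -= depositAmount; // reverts on underflow (0.8+)
        tokensOut = (depositAmount * 1e18) / priceSource.getPrice();
        if (tokensOut < minTokensOut) revert OutputBelowMinimum(tokensOut, minTokensOut);
        tokenBalance[msg.sender] += tokensOut;
    }

    // Same guard on the way out: revert rather than pay less than the caller accepted.
    function redeem(uint256 tokenAmount, uint256 minDepositOut) external returns (uint256 depositOut) {
        tokenBalance[msg.sender] -= tokenAmount; // reverts on underflow (0.8+)
        depositOut = (tokenAmount * priceSource.getPrice()) / 1e18;
        if (depositOut < minDepositOut) revert OutputBelowMinimum(depositOut, minDepositOut);
        depositBalance[msg.sender] += depositOut;
    }
}
```

Because the revert unwinds the balance deduction as well, a caller whose minimum is not met loses only gas, not tokens.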