code-423n4 / 2024-03-ondo-finance-findings


Absence of Minimum Amount Parameter for Slippage Protection #63

Open c4-bot-10 opened 6 months ago

c4-bot-10 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L49

Vulnerability details

The absence of a minimum amount parameter for slippage in the ousgInstantManager.sol contract poses a risk of token loss to users in case of price fluctuations prior to transaction execution.

Impact

Functions within ousgInstantManager.sol lack a crucial parameter, minAmount, during minting or redemption processes. This parameter is pivotal in mitigating slippage risks caused by adverse price movements. The oversight increases the vulnerability of users to potential token loss.

Proof of Concept

No minimum amount parameter in the following functions 👇

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L230

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L335

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L254

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L362

Tools Used

Recommended Mitigation Steps

It is recommended to add a minAmount parameter to all of the functions.

Assessed type

Other
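The mitigation recommended in the report above, shown as an added example that is not part of the original issue or of the audited contract: a simplified minter with the same operation written once without and once with a caller-supplied minimum. Every name except `minAmount` (the oracle interface, the contract, both functions, the errors) is hypothetical, both tokens are assumed to use 18 decimals, and token transfers are replaced by a toy ledger.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Illustration only: hypothetical stand-in, not the ousgInstantManager code.
interface IPriceOracle {
    // Price of one share in deposit-token units, scaled by 1e18 (assumed).
    function getPrice() external view returns (uint256);
}

contract SlippageGuardedMinter {
    IPriceOracle public immutable oracle;
    // Toy ledger standing in for a real share token; deposits are not pulled.
    mapping(address => uint256) public shares;

    error ZeroPrice();
    error SlippageExceeded(uint256 amountOut, uint256 minAmount);

    constructor(IPriceOracle _oracle) {
        oracle = _oracle;
    }

    // Unguarded shape: the caller receives whatever the execution-time
    // price yields, even if it moved after the transaction was signed.
    function mintUnguarded(uint256 amountIn) external returns (uint256 amountOut) {
        amountOut = _quote(amountIn);
        shares[msg.sender] += amountOut;
    }

    // Guarded shape: the caller states the least they will accept and the
    // call reverts, leaving state untouched, if the output falls below it.
    function mintWithMin(uint256 amountIn, uint256 minAmount)
        external
        returns (uint256 amountOut)
    {
        amountOut = _quote(amountIn);
        if (amountOut < minAmount) revert SlippageExceeded(amountOut, minAmount);
        shares[msg.sender] += amountOut;
    }

    // Shares out for a deposit at the oracle price read during execution.
    function _quote(uint256 amountIn) internal view returns (uint256) {
        uint256 price = oracle.getPrice();
        if (price == 0) revert ZeroPrice();
        return (amountIn * 1e18) / price;
    }
}
```

A caller would derive `minAmount` off-chain from the quote they saw and the tolerance they accept, so the bound is fixed at signing time rather than at execution time.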

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as duplicate of #250

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as duplicate of #156

c4-judge commented 6 months ago

3docSec marked the issue as satisfactory

c4-judge commented 6 months ago

3docSec changed the severity to QA (Quality Assurance)

c4-judge commented 6 months ago

3docSec marked the issue as grade-b