code-423n4 / 2024-04-revert-mitigation-findings

M-18 MitigationConfirmed #93

Open c4-bot-2 opened 2 months ago

c4-bot-2 commented 2 months ago

Lines of code

Vulnerability details

C4 issue

M-18: Users cannot stop loss in AutoRange and AutoExit

Comments

When a user delegates their positions to AutoRange or AutoExit, both Auto contracts (controlled by bots) will execute specific actions on these positions. In cases where no swapping is required, both AutoRange.execute() and AutoExit.execute() will call _validateSwap(). This function may revert when the price for tokens is drastically changing.

Considering that this revert occurs even if no swap takes place, both functions may unnecessarily fail. If a swap is not necessary, it should not be called.

Mitigation

PR #12

This mitigation fix revolves around wrapping all logic regarding swaps (both validations and the actual swap) in guard checks that ensure a swap should be executed.

Major changes include:

Minor changes include:

Based on these changes, _validateSwap() will no longer be called unless a swap is necessary. Any major swings in price will have no impact on AutoRange or AutoExit when a swap does not occur.

Conclusion

LGTM
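
The pattern discussed in the comment above, as an added sketch that is not part of the original comment and is not the code from PR #12. Only the name _validateSwap comes from the issue; the contract, the price variables, the deviation threshold and the `swapAmount != 0` guard condition are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative model only. Every name except _validateSwap is hypothetical.
contract AutoExecSketch {
    error PriceDeviation();

    // Constructed stand-ins for the pool spot price and the TWAP reference.
    uint256 public spotPrice;
    uint256 public twapPrice;
    uint256 public constant MAX_DIFF_BPS = 100; // assumed 1% tolerance

    function setPrices(uint256 spot, uint256 twap) external {
        spotPrice = spot;
        twapPrice = twap;
    }

    // Stand-in for the price check: reverts when spot has moved more than
    // MAX_DIFF_BPS away from the TWAP, otherwise returns a slippage floor.
    function _validateSwap(uint256 amountIn) internal view returns (uint256 amountOutMin) {
        uint256 diff = spotPrice > twapPrice ? spotPrice - twapPrice : twapPrice - spotPrice;
        if (diff * 10_000 > twapPrice * MAX_DIFF_BPS) revert PriceDeviation();
        amountOutMin = (amountIn * twapPrice) / 1e18;
    }

    // Before: validation runs unconditionally, so a fast-moving price
    // reverts the whole call even when swapAmount is zero.
    function executeUnguarded(uint256 swapAmount) external view returns (uint256 amountOutMin) {
        amountOutMin = _validateSwap(swapAmount);
        // ... swap only if swapAmount != 0, then pay out to the position owner
    }

    // After: validation and the swap sit behind the same guard, so the
    // no-swap path never touches the price check.
    function executeGuarded(uint256 swapAmount) external view returns (uint256 amountOutMin) {
        if (swapAmount != 0) {
            amountOutMin = _validateSwap(swapAmount);
            // ... perform the swap with amountOutMin as the slippage floor
        }
        // ... pay out to the position owner; reached regardless of price
        // movement when swapAmount == 0
    }
}
```

With spot set 5% away from the TWAP, executeUnguarded(0) reverts with PriceDeviation while executeGuarded(0) returns 0 and proceeds to the payout step.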

c4-judge commented 2 months ago

jhsagd76 marked the issue as satisfactory