The swap functions swapIn32502CA71() and swapInPermit2CEAAB576() don't check the return value of the delegatecall to the swap executor. If the delegatecall fails silently, the function will continue execution and potentially return incorrect swap amounts.
function swapIn32502CA71(address token, uint256 amountIn, uint256 minOut) external returns (int256, int256) {
(bool success, bytes memory data) = _getExecutorSwap().delegatecall(abi.encodeCall(
ISeawaterExecutorSwap.swap904369BE,
(
token,
true,
int256(amountIn),
type(uint256).max
)
));
require(success, string(data));
(int256 swapAmountIn, int256 swapAmountOut) = abi.decode(data, (int256, int256));
// this contract uses checked arithmetic, this negate can revert
require(-swapAmountOut >= int256(minOut), "min out not reached!");
return (swapAmountIn, swapAmountOut);
}
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/sol/SeawaterAMM.sol#L262-L278
Vulnerability details
Impact
This could lead to incorrect swap amounts being returned to users, potentially causing loss of funds or incorrect accounting in the protocol.
Link To code
Proof of Concept
The swap functions swapIn32502CA71() and swapInPermit2CEAAB576() don't check the return value of the delegatecall to the swap executor. If the delegatecall fails silently, the function will continue execution and potentially return incorrect swap amounts.
Tools Used
Manual Review
Recommended Mitigation Steps
Add a check for the success of the delegatecall:
Assessed type
call/delegatecall