Closed c4-bot-8 closed 1 month ago
Hey @alex-ppg,
I would like to escalate this issue on behalf of the submitter. This is a duplicate of https://github.com/code-423n4/2024-08-superposition-findings/issues/35.
Thanks!
Hey @blckhv, thank you for your PJQA contribution. I would like to clarify that validation repository findings are not directly evaluated by the judge of a contest if they do not pass the validation phase.
It appears that this particular finding relates to the swap-in function that has been correctly implemented.
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/main/pkg/sol/SeawaterAMM.sol#L281
Vulnerability details
Summary
The `SeawaterAMM` contract implements a `swapInPermit2CEAAB576` function for token swaps using the Permit2 standard. This function is designed to perform a swap with slippage protection.
The slippage check in the `swapInPermit2CEAAB576` function is incorrect. It compares the negated output amount with the minimum expected output, which doesn't accurately represent the slippage protection intended.
Code Snippet
https://github.com/code-423n4/2024-08-superposition/blob/main/pkg/sol/SeawaterAMM.sol#L281
Impact
This bug could lead to trades executing with more slippage than the user intended, potentially resulting in significant financial losses for users. In extreme market conditions, this could allow trades to go through even when they shouldn't, violating the user's specified slippage tolerance.
Scenario
`swapInPermit2CEAAB576` with `amountIn = 100` and `minOut = 90`.
`swapAmountOut = -85` (negative to represent outgoing tokens).
`-swapAmountOut >= int256(minOut)` becomes `85 >= 90`.
Fix
The slippage check should compare the absolute value of `swapAmountOut` with `minOut`.
This ensures that the actual output amount is compared correctly with the user's specified minimum.
Assessed type
Invalid Validation