Open hats-bug-reporter[bot] opened 2 months ago
https://github.com/Satsyxbt/Fenix/blob/353c8e8e24454336e805e5c0e11e4e9ae1491d03/contracts/nest/SingelTokenBuybackUpgradeable.sol#L117 https://github.com/Satsyxbt/Fenix/blob/353c8e8e24454336e805e5c0e11e4e9ae1491d03/contracts/nest/SingelTokenBuybackUpgradeable.sol#L161 https://github.com/Satsyxbt/Fenix/blob/353c8e8e24454336e805e5c0e11e4e9ae1491d03/contracts/nest/SingelTokenBuybackUpgradeable.sol#L171
Invalid
agreed, oversight on my end.
@whoismxuse thanks
Github username: -- Twitter username: -- Submission hash (on-chain): 0x585ac69239a638306d7ee8c13bf5292219124506c12a931887c5ed2176e852ce Severity: high
Description:
Description
inside
RouterV2PathProviderUpgradeable.sol
there is a function namedgetOptimalTokentoTokenRoute
:This function simply determines the optimal route and expected output amount for a token pair with the given amount.
The function will go through all possible routes and select the best route and does so by checking the
routesTokenToToken
array and looking at certain features such as stability.The problem however is that this process is not protected by any slippage. In a case where the value of 1 token drops the user will not be protected by any slippage set OR a parameter that specifies the
minAmount
a user should receive.Because of this users can lose out on funds whenever committing to such a trade, unknowingly since no slippage is enforced
Recommendation
introduce a slippage enforcement just like the
buyback
contract