user can steal all the funds using exactInputStableSwap

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x6666ae18566f89839a3fe0021ded453fc0b6b4a7daaaf6da7f7c060d4865273f Severity: high

Description: Description\ refer the attack scenario,i wll provide details in the comments later

Attack Scenario\

• Initial Setup The contract holds 1000 units of Token A (let's call it srcToken). The user wants to swap these tokens for Token B (dstToken).

• User Action The user calls exactInputStableSwap with amountIn = Constants.CONTRACT_BALANCE.

Function Execution

Determine Amount In:

• Since amountIn is Constants.CONTRACT_BALANCE, the function sets hasAlreadyPaid to true.
• It sets amountIn to the contract's balance of srcToken, which is 1000 units.

Skip Payment Logic:

• Because hasAlreadyPaid is true, the function skips the logic that would * transfer tokens from msg.sender to the contract.

Perform Swap:

• The _swap function is called to execute the swap using the contract's balance of srcToken.

Determine Amount Out:

• After the swap, assume the contract now holds 950 units of dstToken. Transfer Output:

The function transfers 950 units of dstToken to the specified recipient address.

Attachments

1. Proof of Concept (PoC) File

2. Revised Code File (Optional)

[omega-audits]

The title is a bit misleading here - the user can not "steal all the funds", the user can sweep the balance of the Router contract, which is not expected to hold any funds

[Ghoulouis]

Just clean up the contract assets supporting the Router, the assets in the pool are still safe, I think it's not important enough to become a vulnerability

[AresAudits]

I've resubmitted the issue; please refer to #70