Open hats-bug-reporter[bot] opened 3 weeks ago
This is a duplicate of #22 and #19. In #22 there is a clear explanation why your scenario is not one that should ever occur. Specifically:
> Alice transfers 1000 ROSE to the StableSwapRouter contract.
Alice should simply not do this. Why would she? If she does, she will lose her money, as described by your issues.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x45e7adf08e0fbb26088e37a95a27fce428e9343efc0164a1d90b60a9ec0bf0c4
Severity: high

Description:
`exactInputStableSwap` facilitates the swapping of tokens within a stable swap pool. Here the user can use this function in two ways, i.e.:

1. Transferring assets first: the user can first transfer the assets to the contract and then call `exactInputStableSwap` with `amountIn` set to `Constants.CONTRACT_BALANCE`. This approach uses the transferred balance of the contract for the `srcToken` as the input amount.
2. Direct call with actual amount: here the user can call `exactInputStableSwap` with a specific `amountIn` value. In this case, the function will transfer the specified `amountIn` from the user to the contract using

Issue: now here, for the 1st case, the attacker waits for the user to transfer the assets first, and when the user calls the `exactInputStableSwap` function with `amountIn == Constants.CONTRACT_BALANCE`, the attacker front-runs and calls this function and swaps the user's balance freely, and the legitimate user gets DoSed.

Attack Scenario
Alice's Intent:
`StableSwapRouter` contract.
ROSE for stROSE using `exactInputStableSwap` with `amountIn` as `Constants.CONTRACT_BALANCE`.

Attacker's Strategy:
`exactInputStableSwap` with `amountIn` as `Constants.CONTRACT_BALANCE`.

Outcome:
stROSE

Attachments
Proof of Concept (PoC) File
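
A simplified Python model of the two input modes discussed in this thread, added here as an illustration; it is not the audited contract's code and not the submitter's PoC. The 1:1 swap rate, the account names and every helper name other than `exactInputStableSwap`, `amountIn` and `CONTRACT_BALANCE` are assumptions. It shows that a balance left on the router between transactions is not attributed to its depositor, while the specific-`amountIn` mode leaves nothing on the router.

```python
# Simplified model (not the audited contract): a router with the two input
# modes described in the report. The 1:1 swap rate and all names other than
# exactInputStableSwap / amountIn / CONTRACT_BALANCE are assumptions.
CONTRACT_BALANCE = object()  # sentinel standing in for Constants.CONTRACT_BALANCE


class Router:
    def __init__(self, balances):
        self.rose = dict(balances)   # ROSE held per account
        self.strose = {}             # stROSE paid out per account
        self.held = 0                # ROSE sitting on the router itself

    def transfer_to_router(self, sender, amount):
        """Plain token transfer: the router keeps no record of the depositor."""
        if self.rose.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.rose[sender] -= amount
        self.held += amount

    def exact_input_stable_swap(self, caller, amount_in):
        """Models exactInputStableSwap; returns the stROSE credited to caller."""
        if amount_in is CONTRACT_BALANCE:
            # Mode 1: spend whatever the router holds, whoever the caller is.
            amount_in, self.held = self.held, 0
        else:
            # Mode 2: pull the amount from the caller inside the same call.
            if self.rose.get(caller, 0) < amount_in:
                raise ValueError("insufficient balance")
            self.rose[caller] -= amount_in
        self.strose[caller] = self.strose.get(caller, 0) + amount_in
        return amount_in


def two_step_flow():
    """Alice deposits 1000 ROSE, then another caller's swap is ordered first."""
    r = Router({"alice": 1000, "other": 0})
    r.transfer_to_router("alice", 1000)
    first = r.exact_input_stable_swap("other", CONTRACT_BALANCE)
    second = r.exact_input_stable_swap("alice", CONTRACT_BALANCE)
    return first, second


def pull_flow():
    """Alice passes a specific amountIn; nothing is ever parked on the router."""
    r = Router({"alice": 1000, "other": 0})
    first = r.exact_input_stable_swap("other", CONTRACT_BALANCE)
    second = r.exact_input_stable_swap("alice", 1000)
    return first, second, r.held
```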