search

mars-protocol / rover

Smart contracts for Rover
GNU General Public License v3.0
1 stars 1 forks source link

MP-3350. Slippage #197

Closed piobab closed 1 year ago

piobab commented 1 year ago

This is part of the fix for @thec00n finding:

Users can trigger reward withdrawal by calling Withdraw or WithdrawLiquidity from credit manager. A malicious user can send the WithdrawLiquidity and set the minimum_receive assets to zero.

We discussed with @bobthebuidlr that including slippage for ProvideLiquidity and WithdrawLiquidity could simplify API (no too much logic to SC).

Moreover, I added config with max allowed slippage.

piobab commented 1 year ago

Pushed commit with error msg change.