The issue is that there is no slippage protection to ensure that amountsToBeneficiary is within a certain minimum limit.
This exposes the calculation of the amountsToBeneficiary to attacks including flashloans where the trader gains an advantage and the beneficiary loses out by getting a lower value of amountsToBeneficiary.
Impact
Beneficiary loses value due to lack of slippage protection.
ck
medium
Beneficiary can incur losses due to slippage during a flash call
Summary
Beneficiary can incur losses due to slippage during a flash call
Vulnerability Detail
When
SwapperImpl::flash
is called, theamountsToBeneficiary
is determined by the oracle using thegetQuoteAmounts
function.The issue is that there is no slippage protection to ensure that
amountsToBeneficiary
is within a certain minimum limit.This exposes the calculation of the
amountsToBeneficiary
to attacks including flashloans where the trader gains an advantage and the beneficiary loses out by getting a lower value ofamountsToBeneficiary
.Impact
Beneficiary loses value due to lack of slippage protection.
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L227-L231
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/integrations/UniV3Swap.sol#L78-L88
Tool used
Manual Review
Recommendation
Some form of slippage protection should be implemented which may require a redesign of how trades are done.
Duplicate of #37