J4de

medium

SwapperImpl.sol#flash does not set the minimum payment amount, which may be attacked by price manipulation

Summary

SwapperImpl.sol#flash does not set the minimum payment amount, which may be attacked by price manipulation

Vulnerability Detail

The official document describes splits-swapper as follows:

uses discount oracle pricing to incentivize third parties to automatically convert multi-token revenue into a single token & forward to beneficiary

The problem here is that the flash function does not allow users to set the maximum payment amount, which may expose users to price manipulation attacks (such as sandwich attacks) when exchanging tokens.

Impact

Users may lose part of their funds.
Code Snippet
https://github.com/0xSplits/splits-swapper/blob/83ce1124767a097aac37d1cd162a9b27bbc48701/src/SwapperImpl.sol#L203-L221
Tool used
Manual Review
Recommendation
It is recommended to provide the maximum payment amount as an input parameter.
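To illustrate the recommendation, the following is an added example written for this report, not code from the splits-swapper repository. It models a simplified swapper in which a third party takes a revenue token and pays the beneficiary the amount an oracle quotes; the oracle interface, the token flow, the contract and function names (flashUnbounded, flash, maxPayment) and the error type are all assumptions made for the example. The first function shows the unguarded shape described above; the second adds the caller-supplied maximum payment and reverts when the oracle-quoted amount exceeds it, which is the slippage bound the finding asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical oracle interface (assumption for this example, not the project's own).
// Returns how much of the beneficiary token the caller must pay for `amountIn` of `tokenIn`.
interface IQuoteOracle {
    function quote(address tokenIn, uint256 amountIn) external view returns (uint256);
}

// Minimal ERC-20 surface needed by the example.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Simplified model of a swapper: a trader receives the revenue token and pays the
// beneficiary the oracle-quoted amount of a single output token.
contract SlippageGuardedSwapper {
    IQuoteOracle public immutable oracle;
    IERC20Minimal public immutable tokenToBeneficiary;
    address public immutable beneficiary;

    // Raised when the oracle-quoted payment is above the bound the trader accepted.
    error PaymentExceedsMax(uint256 required, uint256 maxPayment);

    constructor(IQuoteOracle oracle_, IERC20Minimal tokenToBeneficiary_, address beneficiary_) {
        oracle = oracle_;
        tokenToBeneficiary = tokenToBeneficiary_;
        beneficiary = beneficiary_;
    }

    // Unguarded shape: the trader has no way to bound what the oracle makes them pay,
    // so any price movement between quoting and execution is absorbed by the trader.
    function flashUnbounded(IERC20Minimal tokenIn, uint256 amountIn) external {
        uint256 amountToPay = oracle.quote(address(tokenIn), amountIn);
        _settle(tokenIn, amountIn, amountToPay);
    }

    // Hardened shape: the trader supplies maxPayment; if the oracle quote at execution
    // time is higher than that, the call reverts instead of overcharging the trader.
    function flash(IERC20Minimal tokenIn, uint256 amountIn, uint256 maxPayment) external {
        uint256 amountToPay = oracle.quote(address(tokenIn), amountIn);
        if (amountToPay > maxPayment) revert PaymentExceedsMax(amountToPay, maxPayment);
        _settle(tokenIn, amountIn, amountToPay);
    }

    // Hand the revenue token to the trader, then pull the quoted payment to the beneficiary.
    function _settle(IERC20Minimal tokenIn, uint256 amountIn, uint256 amountToPay) internal {
        require(tokenIn.transfer(msg.sender, amountIn), "revenue transfer failed");
        require(
            tokenToBeneficiary.transferFrom(msg.sender, beneficiary, amountToPay),
            "payment transfer failed"
        );
    }
}
```

The trader computes maxPayment off-chain from the quote they observed (plus whatever slippage they tolerate) and passes it with the call; the on-chain check is what turns an unexpected price move into a revert rather than a loss.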