Trader could possibly lose funds (i.e. pay more quoteToken)
Summary
The trader has no way to set a maximum inputAmount. If for example the price returned by the Oracle (any Oracle) is wrong or inaccurate which is possible, the trader will pay more quoteToken than what they expect.
Vulnerability Detail
_getQuoteAmount method gets unscaledAmountToBeneficiary from Uniswap oracle.
It is possible that the price is stale or wrong for and as there is no maximum inputAmount check engorced as a safety, Trader could possibly pay more quoteToken due to the lack of the safety check. i.e. Swapper owner will receive more quote tokens and the trader will receive less which is a loss to the trader.
Note: this is applicable to any other oracle and not limited to Uniswap oracle.
Impact
Trader will receive less tokens and the Swapper owner will receive more. In other words, Trader will have a loss of funds.
Code Snippet
Check above
Tool used
Manual Review
Recommendation
Add a parameter maxInputAmount to flash method to allow the trader to set a max input amount (i.e. max quote amount) to be transferred from him/her. Then If amountsToBeneficiary is greater than maxInputAmount, revert.
Koolex
medium
Trader could possibly lose funds (i.e. pay more quoteToken)
Summary
The trader has no way to set a maximum inputAmount. If for example the price returned by the Oracle (any Oracle) is wrong or inaccurate which is possible, the trader will pay more quoteToken than what they expect.
Vulnerability Detail
_getQuoteAmount
method gets unscaledAmountToBeneficiary from Uniswap oracle.https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L277-L282
It is possible that the price is stale or wrong for and as there is no maximum inputAmount check engorced as a safety, Trader could possibly pay more quoteToken due to the lack of the safety check. i.e. Swapper owner will receive more quote tokens and the trader will receive less which is a loss to the trader.
Note: this is applicable to any other oracle and not limited to Uniswap oracle.
Impact
Trader will receive less tokens and the Swapper owner will receive more. In other words, Trader will have a loss of funds.
Code Snippet
Check above
Tool used
Manual Review
Recommendation
Add a parameter maxInputAmount to
flash
method to allow the trader to set a max input amount (i.e. max quote amount) to be transferred from him/her. Then If amountsToBeneficiary is greater than maxInputAmount, revert.Duplicate of #47