Juntao
medium
Insufficient slippage protection for swaps
Summary
The Unitas contract provides insufficient slippage protection for swaps, which may cause a loss of funds because of exchange rate fluctuations.
Vulnerability Detail
Unitas#swap(...) executes swaps for token pairs; users can pass an AmountType to specify either the amount they expect to receive or the amount they are willing to spend.
During swapping, the protocol gets the latest price from the oracle and checks that the price is within the tolerance range.
The price tolerance range is stored in the _maxPriceTolerance and _minPriceTolerance mappings and can be updated by the protocol team based on the currency exchange rate.
This provides slippage protection to some extent, but it is insufficient: the bounds are protocol-wide and mutable, not chosen by the user at submission time, so a user may still suffer a loss because of exchange rate fluctuations. Imagine the following scenario:
1. Alice submits a transaction to swap USDEMC for USD1 and she is willing to spend 10000 USDEMC tokens;
2. At the time of submitting, the exchange rate for USD1/USDEMC is 10 and the protocol price tolerance range is [9, 11], so Alice is likely to get no less than 900 USD1 tokens, which is fair;
3. Alice is in no hurry, so she pays a low gas fee and her transaction gets stuck in pending;
4. Soon after, USDEMC depreciates and the exchange rate for USD1/USDEMC rises to 12; the protocol team updates the price tolerance range accordingly to [11, 13];
5. Alice's transaction gets executed. Since the swap is no longer protected by the old tolerance range, Alice gets only 833 USD1 tokens in return and suffers a loss.
Impact
Users may suffer a loss of funds due to insufficient slippage protection.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L208-L237
Tool used
Manual Review
Recommendation
Provide the necessary amountInMaximum and amountOutMinimum parameters for swaps, so that the caller's own limit is enforced regardless of later changes to the protocol tolerance range.
Duplicate of #88
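The following is an added Python model of the scenario and of the recommended fix; it is not code from the Unitas project. It simulates the tolerance-range check described above alongside a caller-supplied amountOutMinimum / amountInMaximum, replaying Alice's numbers (10000 USDEMC spent, rate moving from 10 to 12, tolerance range moving from [9, 11] to [11, 13]). The price convention (USDEMC per USD1, so output = input / price) and the function and class names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from fractions import Fraction
from typing import Optional


class AmountType(Enum):
    """Mirrors the page's AmountType: the caller fixes either the input or the output amount."""
    IN = "in"    # caller states the exact amount they will spend
    OUT = "out"  # caller states the exact amount they want to receive


class SwapReverted(Exception):
    """Raised where the on-chain swap would revert."""


@dataclass(frozen=True)
class ToleranceRange:
    """Protocol-side price bounds (models the _minPriceTolerance / _maxPriceTolerance mappings)."""
    min_price: Fraction
    max_price: Fraction

    def contains(self, price: Fraction) -> bool:
        return self.min_price <= price <= self.max_price


def quote(amount: Fraction, amount_type: AmountType, price: Fraction) -> Fraction:
    """Assumed convention: price is USDEMC per USD1, so USD1 out = USDEMC in / price."""
    if amount_type is AmountType.IN:
        return amount / price   # USD1 received for a fixed USDEMC spend
    return amount * price       # USDEMC spent for a fixed USD1 receipt


def swap_tolerance_only(amount: Fraction, amount_type: AmountType,
                        price: Fraction, tol: ToleranceRange) -> Fraction:
    """Current design: the only guard is the protocol-wide tolerance range at execution time."""
    if not tol.contains(price):
        raise SwapReverted("oracle price outside tolerance range")
    return quote(amount, amount_type, price)


def swap_with_user_limit(amount: Fraction, amount_type: AmountType,
                         price: Fraction, tol: ToleranceRange,
                         amount_out_minimum: Optional[Fraction] = None,
                         amount_in_maximum: Optional[Fraction] = None) -> Fraction:
    """Recommended design: tolerance check plus a limit the caller fixed when submitting."""
    if not tol.contains(price):
        raise SwapReverted("oracle price outside tolerance range")
    result = quote(amount, amount_type, price)
    if amount_type is AmountType.IN:
        if amount_out_minimum is None:
            raise ValueError("amountOutMinimum is required when spending a fixed amount")
        if result < amount_out_minimum:
            raise SwapReverted("amountOut below amountOutMinimum")
    else:
        if amount_in_maximum is None:
            raise ValueError("amountInMaximum is required when receiving a fixed amount")
        if result > amount_in_maximum:
            raise SwapReverted("amountIn above amountInMaximum")
    return result


def alice_scenario() -> dict:
    """Replays the page's example with constructed values: Alice spends 10000 USDEMC."""
    amount_in = Fraction(10000)
    old_tol = ToleranceRange(Fraction(9), Fraction(11))   # range Alice saw when submitting
    new_tol = ToleranceRange(Fraction(11), Fraction(13))  # range after the team's update
    price_at_execution = Fraction(12)

    # Worst case Alice could reasonably expect from the range she saw: 10000 / 11, about 909.
    floor_out = quote(amount_in, AmountType.IN, old_tol.max_price)

    # Tolerance-only: the stuck transaction is checked against the NEW range, passes, and
    # pays out 10000 / 12, about 833 USD1.
    received = swap_tolerance_only(amount_in, AmountType.IN, price_at_execution, new_tol)

    # With amountOutMinimum = 900 fixed at submission, the same execution reverts instead.
    try:
        swap_with_user_limit(amount_in, AmountType.IN, price_at_execution, new_tol,
                             amount_out_minimum=Fraction(900))
        protected = False
    except SwapReverted:
        protected = True

    return {"floor_out": floor_out, "received": received, "protected": protected}


if __name__ == "__main__":
    outcome = alice_scenario()
    print(f"expected floor: {float(outcome['floor_out']):.2f} USD1")
    print(f"tolerance-only payout: {float(outcome['received']):.2f} USD1")
    print(f"reverted with amountOutMinimum=900: {outcome['protected']}")
```

The point the model makes is that the tolerance range is a property of the protocol at execution time, whereas amountOutMinimum and amountInMaximum are properties of the transaction as the user signed it; only the latter survive a pending period during which the range is moved.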