sherlock-audit / 2023-05-USSD-judging


evilakela - No slippage protection in USSD#UniV3SwapInput #924

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

evilakela

high

No slippage protection in USSD#UniV3SwapInput

Summary

The USSD#UniV3SwapInput executes swaps without slippage protection. That will cause a loss of funds because of sandwich attacks.

Vulnerability Detail

Impact

Swaps will be sandwiched, causing a loss of funds for the protocol. Rebalance won't work: suppose the USSD price goes down and the rebalancer needs to sell some collateral, but due to a sandwich attack amountOut will be very small, and rebalance can be called again and again, draining all collateral.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L227-L240

Tool used

Manual Review

Recommendation

Calculate and properly set the amountOutMinimum swap parameter.

Duplicate of #673
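
The effect of the recommended `amountOutMinimum` check, as an added example that is not part of the original report or the USSD code base: a simplified constant-product pool (not Uniswap V3's concentrated-liquidity math) in which the same swap is run with a minimum of 0 and with a floor derived from an independent price. The pool sizes, the 0.30% fee, the 1:1 oracle price, the 2% tolerance and all names (`Pool`, `min_amount_out`, `skewed_pool`, `SlippageError`) are assumptions made for the illustration.

```python
# Added illustration: simplified constant-product pool, not Uniswap V3 math or USSD code.
from dataclasses import dataclass

BPS = 10_000
FEE_BPS = 30  # assumed 0.30% pool fee


class SlippageError(Exception):
    """Stands in for the router revert when amountOut < amountOutMinimum."""


@dataclass
class Pool:
    reserve_in: int   # collateral token held by the pool
    reserve_out: int  # token the rebalancer receives

    def swap_exact_input(self, amount_in: int, amount_out_minimum: int) -> int:
        net_in = amount_in * (BPS - FEE_BPS)
        out = net_in * self.reserve_out // (self.reserve_in * BPS + net_in)
        if out < amount_out_minimum:
            raise SlippageError(f"received {out} < minimum {amount_out_minimum}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_amount_out(amount_in: int, price_num: int, price_den: int,
                   tolerance_bps: int) -> int:
    """Floor on output, priced from a source independent of the pool (assumed oracle)."""
    fair = amount_in * price_num // price_den
    return fair * (BPS - tolerance_bps) // BPS


def skewed_pool() -> Pool:
    # Constructed state: a large trade in the same direction lands in a
    # balanced pool immediately before the rebalance swap executes.
    pool = Pool(1_000_000, 1_000_000)
    pool.swap_exact_input(4_000_000, 0)
    return pool


if __name__ == "__main__":
    floor = min_amount_out(10_000, 1, 1, 200)  # 2% tolerance
    print("skewed pool, minimum 0:", skewed_pool().swap_exact_input(10_000, 0))
    try:
        skewed_pool().swap_exact_input(10_000, floor)
    except SlippageError as err:
        print("skewed pool, floor set: reverted,", err)
```

With a minimum of 0 the swap against the skewed pool completes and returns a small fraction of the fair amount; with the floor set, the same swap reverts and the collateral is not sold at the manipulated price.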