Closed sherlock-admin closed 1 year ago
0xRan4212
medium
Swaps have unbounded slippage, and can easily be front ran and sandwiched.
There is effectively a 100% slippage set here: https://github.com/USSDofficial/ussd-contracts/blob/main/contracts/USSD.sol#L237
Bots can front run and sandwich USSD / DAI swaps.
https://github.com/USSDofficial/ussd-contracts/blob/main/contracts/USSD.sol#L237
Manual Review
Set a reasonable (below 100%) slippage value.
Duplicate of #673
0xRan4212
medium
Swaps have unbounded slippage.
Summary
Swaps have unbounded slippage, and can easily be front ran and sandwiched.
Vulnerability Detail
There is effectively a 100% slippage set here: https://github.com/USSDofficial/ussd-contracts/blob/main/contracts/USSD.sol#L237
Impact
Bots can front run and sandwich USSD / DAI swaps.
Code Snippet
https://github.com/USSDofficial/ussd-contracts/blob/main/contracts/USSD.sol#L237
Tool used
Manual Review
Recommendation
Set a reasonable (below 100%) slippage value.
Duplicate of #673