Closed sherlock-admin closed 1 year ago
J4de
high
No slippage protection for each swap
Take _opentrade function as an example.
_opentrade
File: MarginTrading.sol 264 if (_swapParams.length > 0) { 265 // approve to swap route 266 for (uint256 i = 0; i < _swapApproveToken.length; i++) { 267 IERC20(_swapApproveToken[i]).approve(_swapApproveTarget, type(uint256).max); 268 } 269 270 >> (bool success,) = _swapAddress.call(_swapParams); 271 require(success, "dodoswap fail"); 272 }
_opentrade function will swap tokens, but there is no slippage protection
Potential sandwich attack leading to user funds being stolen
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L270
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L312
Manual Review
add slippage protection
J4de
high
No slippage protection for each swap
Summary
No slippage protection for each swap
Vulnerability Detail
Take
_opentradefunction as an example._opentradefunction will swap tokens, but there is no slippage protectionImpact
Potential sandwich attack leading to user funds being stolen
Code Snippet
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L270
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L312
Tool used
Manual Review
Recommendation
add slippage protection