Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, user input error not valid based on Sherlock rules. It is their responsibility to set appropriate slippage parameters. If they desire no slippage, then it is their responsibility
the-first-elder
medium
Risk of token loss due to unchecked minAmountOut vulnerability
Summary
Unchecked minAmountOut set by the user can be arbitrarily low, for example 0 or 1, which poses a significant risk of losing tokens if minAmountOut is required to be paid to them.
Vulnerability Detail
Unchecked minAmountOut set by the user can be arbitrarily low, even down to 0 or 1, which effectively bypasses any high slippage checks, exposing the system to potential exploitation. Based on the code snippet below the expression will always be false provided quotedAmount is greater than minAmountOut.
Impact
Users are at risk of losing their tokens if minAmountOut needs to be paid to them due to the unchecked and potentially low value set by the user.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L83
Tool used
Manual Review
Recommendation
Consider using the quotedAmount as the minAmountOut for the user to mitigate the risk of exploitation and potential loss of tokens.
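The comparison discussed in this issue, modelled as an added example that is not part of the report or of the audited contract: it shows which later quotes pass the check when the floor is 0, when it is derived from the quote with a tolerance, and when it equals the quote as the recommendation suggests. Only quotedAmount and minAmountOut come from the page; the function names, the basis-point tolerance and the sample amounts are assumptions constructed for illustration.

```python
# Added illustration: a model of the slippage comparison described in the report.
# Only quotedAmount / minAmountOut come from the page; all other names are hypothetical.

BPS = 10_000  # basis-point denominator


class HighSlippage(Exception):
    """Raised when the current quote is below the caller's floor."""


def floor_from_quote(quoted_amount: int, tolerance_bps: int) -> int:
    """Derive minAmountOut from a quote, rounding up so integer
    truncation never loosens the bound."""
    if quoted_amount < 0:
        raise ValueError("quoted_amount must be non-negative")
    if not 0 <= tolerance_bps <= BPS:
        raise ValueError("tolerance_bps must be within 0..10000")
    numerator = quoted_amount * (BPS - tolerance_bps)
    return -(-numerator // BPS)  # ceiling division on integers


def check_slippage(quoted_amount: int, min_amount_out: int) -> int:
    """The check as the report describes it: reject only when the
    quote is strictly below the floor."""
    if quoted_amount < min_amount_out:
        raise HighSlippage(f"{quoted_amount} < {min_amount_out}")
    return quoted_amount


def outcomes(quote_at_signing: int, later_quotes: list, tolerance_bps: int) -> dict:
    """For each way of choosing the floor, list which later quotes pass."""
    floors = {
        "zero": 0,  # never rejects anything
        "tolerance": floor_from_quote(quote_at_signing, tolerance_bps),
        "exact_quote": quote_at_signing,  # rejects any adverse move
    }
    result = {}
    for name, floor in floors.items():
        accepted = []
        for quote in later_quotes:
            try:
                check_slippage(quote, floor)
                accepted.append(True)
            except HighSlippage:
                accepted.append(False)
        result[name] = accepted
    return result
```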