Insufficient Slippage Protection in Stake Function

Summary

The _stake function lacks comprehensive slippage protection mechanisms, only checking for a received amount of 0 to prevent complete transaction failure. This does not safeguard against scenarios where the amount received is significantly less than expected due to slippage or unexpected fees.

Vulnerability Detail

The function withdraws Wrapped Ether (WETH), submits it to FRXETH_MINTER contract, and then deposits it into a staking contract. It checks if the received amount is 0 to revert the transaction. However, this check does not account for slippage or minor but significant discrepancies between the expected and actual received amounts, potentially leading to financial losses for users.

Impact

Users could experience financial loss if the actual amount received from the staking operation is significantly less than expected but not exactly 0.

Code Snippet

function _stake(uint256 stakeAmount) internal override returns (uint256) {
    IWETH9(Constants.WETH).withdraw(stakeAmount);
    FRXETH_MINTER.submit{value: stakeAmount}();
    uint256 received = STAKED_FRXETH.deposit(stakeAmount, address(this));
    if (received == 0) revert InvariantViolation();

    return stakeAmount;
}

https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/frax/SFrxETHAdapter.sol#L72-L79

Tool used

Manual Review

Recommendation

Adding a parameter for users to set their own slippage tolerance.

sherlock-audit / 2024-01-napier-judging

0xepley - Insufficient Slippage Protection in Stake Function #43