sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

Afriaudit - User could potentially manipulate market price #259

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

Afriaudit

high

User could potentially manipulate market price

Summary

Potential price manipulation because amount In was represented as IERC20(wrappedTokenIn).balanceOf(address(this)), in JalaMasterRouter:swapExactTokensForTokens A malicious user can manipulate price by sending wrappedtoken obtained from dust to J

Impact

aaffect price accuracy

Code Snippet

Tool used

Manual Review

Recommendation

use amountin ** getdecimals

nevillehuang commented 7 months ago

Invalid, seemingly duplicate of #, but insufficient vulernability description and proof.