search

sherlock-audit / 2024-02-smilee-finance-judging

2 stars 1 forks source link

1X1 - hedgeMargin equal to zero leads to using a larger amount than usual while buying side tokens #112

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 9 months ago

1X1

medium

hedgeMargin equal to zero leads to using a larger amount than usual while buying side tokens

Summary

In the Protocol Details they said that admins are TRUSTED, but from code prespective and security we have to be sure about that, So here no checks on the hedgeMargin paramter and admins can set it to be qual to Zero.

Vulnerability Details

In function setHedgeMargin that can be called by admin to set the hedgeMargin that will directly affect in this function _buySideTokens

It’s check if 

    if (hedgeMargin > 1000) {
        revert OutOfAllowedRange();

and no checks if hedgeMargin is not equal zero to revert that will allow easily to set to be equal zero.

In function _buySideTokens

If the available base tokens availableBaseTokens are less than the requiredInput for the swap, the contract attempts to adjust by approving the maximum available base tokens for the swap amountToApprove = availableBaseTokens. This adjustment is straightforward and does not directly involve hedgeMargin.

However, the critical part comes next. If the available base tokens are also less than the minRequiredInput, the function adjusts the amount of side tokens to be bought by reducing it according to the hedgeMargin. This reduction is meant to handle extreme scenarios where swap slippages could significantly affect the transaction, allowing the contract to still perform a swap but for a reduced amount of side tokens. Specifically, the reduction is calculated as:

amount -= (amount * _hedgeMargin) / 10000;

By setting hedgeMargin to zero, the function would not adjust the target amount of side tokens downwards to accommodate the limited availability of base tokens. The calculation would attempt to subtract zero from the amount, leaving the amount unchanged.

Impact

having a hedgeMargin of zero makes the function _buySideTokens more exposed to unexpected price swings during the token purchase. This could lead to using a larger amount than usual, It means that the initial amount used for buying side tokens will not be adjusted downward, making the contract more vulnerable to bad market conditions.

Code Snippet

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/3241f1bf0c8e951a41dd2e51997f64ef3ec017bd/smilee-v2-contracts/src/Vault.sol#L168-L178

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/3241f1bf0c8e951a41dd2e51997f64ef3ec017bd/smilee-v2-contracts/src/Vault.sol#L751-L790

Tool used

Manual Review

Recommendation

we need to add in function setHedgeMargin a check to check if it's qual to zero and revert.

sherlock-admin2 commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, admin is trusted to set correct parameters

takarez commented:

invalid

Mr-1X1 commented 8 months ago

Please Check as I mentioned in first line that admin is trusted, but what if he manipulated the hedgeMargin to make earnings for himself and what if he got scammed and also this bug makes the project more centralized while buying side tokens.