search

sherlock-audit / 2024-02-smilee-finance-judging

2 stars 1 forks source link

cheatcode - Insufficient Slippage Handling for Swaps #152

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 9 months ago

cheatcode

medium

Insufficient Slippage Handling for Swaps

Summary

In the _buySideTokens function, there are no checks or validations to ensure that the actual amount of side tokens received after the swap matches the expected amount (amount). If the actual slippage during the swap is higher than expected, the vault may end up receiving fewer side tokens than intended, potentially leading to losses or imbalances in the portfolio.

Vulnerability Detail

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L751

    uint256 requiredInput = exchange.getInputAmountMax(baseToken, sideToken, amount);
    uint256 minRequiredInput = exchange.getInputAmount(baseToken, sideToken, amount);
}

While getInputAmountMax returns the maximum amount of base tokens required to buy the specified amount of side tokens, accounting for potential slippage or price impact, the code does not seem to perform any checks or validations on the actual slippage that occurred during the swap.

The code proceeds to approve the amountToApprove which can be either requiredInput or the available base tokens, whichever is smaller and executes the swap:

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L777

IERC20(baseToken).safeApprove(exchangeAddress, amountToApprove);
baseTokens = exchange.swapOut(baseToken, sideToken, amount, amountToApprove);

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L797

baseTokens = exchange.swapIn(sideToken, baseToken, amount);

Impact

If the actual slippage during a trade or swap is higher than expected, the vault may receive fewer tokens than intended, potentially leading to losses or imbalances in the portfolio. The vault's accounting and state updates may also become inaccurate, as the actual token balances may differ from the expected balances.

Code Snippet

https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L751 https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L777 https://github.com/sherlock-audit/2024-02-smilee-finance/blob/main/smilee-v2-contracts/src/Vault.sol#L797

Tool used

Manual Review

Recommendation

Implement slippage checks and validations in the token swap functions.

sherlock-admin2 commented 8 months ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, slippage is allowed to be in pre-defined range (-2%..2%) for the transaction to not revert, the actual slippage is checked via premium slippage check.

tsvetanovv commented:

Slippage related issue is known issues. Check Readme.

takarez commented:

invalid