Closed sherlock-admin4 closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
According to Sherlock's rules, slippage issues should have a detailed explanation; the current explanation is not detailed and only shows an unproven assumption -> invalid
bigbick123456789000
medium
Lack of Slippage Control in swapAndSend Function
Summary
The swapAndSend function in the StablecoinHandler contract lacks slippage control mechanisms, potentially exposing users to unexpected price differences during token swaps. Without considering slippage, users may face unfavorable trade executions, leading to financial losses or inefficient asset conversions.
Vulnerability Detail
The swapAndSend function is designed to swap stablecoins between different assets and send them to specified destinations. However, it lacks mechanisms to handle slippage, which is the difference between the expected price of a trade and the actual price at which the trade is executed. In decentralized exchanges and automated market-making systems, slippage can significantly impact the outcome of trades.
Here's the code snippet of the swapAndSend function:
Impact
The lack of slippage control in the swapAndSend function can lead to unexpected trade executions, resulting in financial losses for users. Without considering slippage, users may receive fewer tokens than expected when swapping assets, reducing the efficiency and reliability of the token swap mechanism.
Code Snippet
#L116-L132
Tool used
Manual Review
Recommendation
Implement slippage control mechanisms in the swapAndSend function to minimize the impact of price differences during token swaps.
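An added illustration of the minimum-output check that "slippage control" usually means; it is not code from the report or from StablecoinHandler. It assumes a constant-product pool with a 30 bps fee (the report does not say how swapAndSend prices a swap), and `Pool`, `min_out` and the reserve figures are constructed for the example.

```python
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator


class SlippageExceeded(Exception):
    """Raised when the executed output falls below the caller's floor."""


@dataclass
class Pool:
    """Constructed constant-product pool (assumption, not the audited contract)."""
    reserve_in: int
    reserve_out: int
    fee_bps: int = 30

    def quote(self, amount_in: int) -> int:
        """Output the pool would pay for amount_in at its current reserves."""
        net = amount_in * (BPS - self.fee_bps)
        return (net * self.reserve_out) // (self.reserve_in * BPS + net)

    def swap(self, amount_in: int, min_amount_out: int) -> int:
        out = self.quote(amount_in)
        # The slippage control: fail before any state change if the price moved.
        if out < min_amount_out:
            raise SlippageExceeded(f"got {out}, need >= {min_amount_out}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_out(quoted: int, tolerance_bps: int) -> int:
    """Caller-side floor: the quoted output minus the accepted tolerance."""
    return quoted * (BPS - tolerance_bps) // BPS


def demo():
    pool = Pool(1_000_000, 1_000_000)
    quoted = pool.quote(10_000)      # expected output at quote time
    floor = min_out(quoted, 50)      # caller accepts at most 0.5% below the quote
    pool.swap(200_000, 0)            # reserves change between quote and execution
    unguarded = pool.quote(10_000)   # what a swap with no floor would now pay
    try:
        pool.swap(10_000, floor)
        reverted = False
    except SlippageExceeded:
        reverted = True
    return quoted, floor, unguarded, reverted
```

Whether a floor of this kind applies to swapAndSend depends on how that function derives its exchange rate, which the report does not show.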