sherlock-audit / 2024-02-telcoin-platform-audit-update-judging


turvec - Protocol forces initiator of the swap to take in slippage without chance of reverting #88

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

turvec

high

Protocol forces initiator of the swap to take in slippage without chance of reverting

Summary

Protocol forces initiator of the swap to take in slippage with chance of reverting

Vulnerability Detail

The agreed-upon oAmount gets overridden in some cases without checking if the new amount exceeds the initial agreed amount. One could argue that the initiator will only approve up to the agreed amount, but often people approve the max to avoid it.

Impact

Initiator could be forced to transfer more than what was agreed on

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/swap/AmirX.sol#L91

Tool used

Manual Review

Recommendation

Add this check before overriding the oAmount to prevent the initiator from transferring more than what was agreed on:

oAmount >= fBalance - Balance

sherlock-admin4 commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

Design choice (I believe) + according to Sherlock's rules, slippage issues should have a detailed explanation; the current explanation is not detailed and only shows an unproven assumption -> invalid