ValantisModulePublic::deposit Lack of slippage controls
Low/Info issue submitted by cergyk
Summary
The ValantisModulePublic::deposit function lacks slippage controls, which exposes depositors to potential losses due to unfavorable price movements during deposits.
However, it does not include any checks for slippage, which can lead to significant losses if the price changes unfavorably during the deposit process: ValantisHOTModulePublic.sol#L61.
Without slippage controls, there is no mechanism to ensure that the amount of liquidity added to the pool matches the expected value based on the current price.
Impact
The absence of slippage controls can lead to significant losses for users if the price changes unfavorably during the deposit process. This can result in users receiving fewer shares than expected or the protocol accepting deposits at a much lower value, leading to potential financial losses.
Please consider emphasizing in documentation, that all end user deposits should be done through ArrakisPublicVaultRouter in order to avoid unlimited slippage
ValantisModulePublic::deposit Lack of slippage controls
Low/Info issue submitted by cergyk
Summary
The
ValantisModulePublic::depositfunction lacks slippage controls, which exposes depositors to potential losses due to unfavorable price movements during deposits.Vulnerability Detail
The
ValantisModulePublic::depositfunction is used to deposit liquidity into the vault: ValantisHOTModulePublic.sol#L28-L96.However, it does not include any checks for slippage, which can lead to significant losses if the price changes unfavorably during the deposit process: ValantisHOTModulePublic.sol#L61.
Without slippage controls, there is no mechanism to ensure that the amount of liquidity added to the pool matches the expected value based on the current price.
Impact
The absence of slippage controls can lead to significant losses for users if the price changes unfavorably during the deposit process. This can result in users receiving fewer shares than expected or the protocol accepting deposits at a much lower value, leading to potential financial losses.
Code Snippet
Tool used
Manual Review
Recommendation
Please consider emphasizing in documentation, that all end user deposits should be done through
ArrakisPublicVaultRouterin order to avoid unlimited slippage