The StrategyPassiveManagerVelodrome::_mintPosition function mints a new liquidity position using Uniswap V3. However, this function lacks slippage protection. According to the Uniswap V3 Development Book, slippage protection should be implemented in the mint function to ensure that the liquidity provided is proportional to the current price and that the user is not exposed to unexpected token amounts due to price fluctuations.
Vulnerability Detail
The StrategyPassiveManagerVelodrome::_mintPosition does not include slippage protection. Specifically, it sets amount0Min and amount1Min to 0, meaning there are no checks to ensure the amounts of tokens provided are within an acceptable range considering slippage. This can result in liquidity providers receiving fewer tokens than expected, causing potential losses.
Impact
Medium. With no protection, liquidity providers may experience significant slippage during the minting process. This will create scenarios where the actual amounts of tokens provided to the liquidity pool are less than anticipated, resulting in financial loss and reduced efficiency of the liquidity provision.
d17vv
medium
No slippage protection in the
_mintPosition
Summary
The StrategyPassiveManagerVelodrome::_mintPosition function mints a new liquidity position using Uniswap V3. However, this function lacks slippage protection. According to the Uniswap V3 Development Book, slippage protection should be implemented in the mint function to ensure that the liquidity provided is proportional to the current price and that the user is not exposed to unexpected token amounts due to price fluctuations.
Vulnerability Detail
The
StrategyPassiveManagerVelodrome::_mintPosition
does not include slippage protection. Specifically, it setsamount0Min
andamount1Min
to0
, meaning there are no checks to ensure the amounts of tokens provided are within an acceptable range considering slippage. This can result in liquidity providers receiving fewer tokens than expected, causing potential losses.Impact
Medium. With no protection, liquidity providers may experience significant slippage during the minting process. This will create scenarios where the actual amounts of tokens provided to the liquidity pool are less than anticipated, resulting in financial loss and reduced efficiency of the liquidity provision.
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L305-L327
Tool used
Manual Review
Recommendation
Implement slippage protection in the
_mintPosition
function by setting appropriateamount0Min
andamount1Min
values.Duplicate of #8