Closed sherlock-admin2 closed 3 months ago
2 comment(s) were left on this issue during the judging contest.
z3s commented:
88
PNS commented:
slippage control is (will be) at the Tranche.issue level and not at the adapter level (following issue #84 in the previous contest)
Since it's the duplicate of #88 and 88 will be duplicated with #26, this will also be a dup of 26.
merlin
medium
UniETHAdapter and RsETHAdapter do not have slippage protection
Summary
UniETHAdapter and RsETHAdapter have functions from external protocols that include slippage arguments. Instead of passing the minAmount argument, hardcoded zero values are used, which is incorrect.
Vulnerability Detail
RsETHAdapter has a _stake function that interacts with the RSETH_DEPOSIT_POOL.depositETH function, but the minRSETHAmountExpected is set to zero.
RSETH_DEPOSIT_POOL.depositETH minRSETHAmountExpected check;
Additionally, UniETHAdapter has a similar issue:
Impact
Users do not have the ability to use slippage protection
Code Snippet
src/adapters/bedrock/UniETHAdapter.sol#L78
src/adapters/kelp/RsETHAdapter.sol#L84
Tool used
Manual Review
Recommendation
The best way to fix this issue is to provide a helper router smart contract for adapters with slippage protection.
Duplicate of #26
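The hardcoded-zero pattern described in the report, next to a variant that forwards and re-checks a caller-supplied minimum, as an added example that is not code from the audited repository. The interfaces, the contract name and the function names are assumptions modelled on the identifiers in the report, not the real Kelp or adapter ABIs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumed, simplified interfaces (hypothetical; not the real deposit pool or token ABI).
interface IDepositPoolLike {
    function depositETH(uint256 minRSETHAmountExpected) external payable;
}

interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical wrapper contrasting the two ways of calling the pool.
contract StakeSlippageSketch {
    IDepositPoolLike public immutable pool;
    IERC20Like public immutable lst;

    error InsufficientOutput(uint256 received, uint256 minOut);

    constructor(IDepositPoolLike _pool, IERC20Like _lst) {
        pool = _pool;
        lst = _lst;
    }

    // Pattern from the report: the pool's own minimum-out check is
    // disabled because the argument is hardcoded to zero.
    function stakeNoMinimum() external payable returns (uint256 received) {
        uint256 balanceBefore = lst.balanceOf(address(this));
        pool.depositETH{value: msg.value}(0);
        received = lst.balanceOf(address(this)) - balanceBefore;
        require(lst.transfer(msg.sender, received), "transfer failed");
    }

    // Variant with a caller-chosen bound: the value is forwarded to the
    // pool and re-checked against the balance delta actually received.
    function stakeWithMinimum(uint256 minOut) external payable returns (uint256 received) {
        uint256 balanceBefore = lst.balanceOf(address(this));
        pool.depositETH{value: msg.value}(minOut);
        received = lst.balanceOf(address(this)) - balanceBefore;
        if (received < minOut) revert InsufficientOutput(received, minOut);
        require(lst.transfer(msg.sender, received), "transfer failed");
    }
}
```

The same balance-delta check can sit in a router or at the issue entry point instead of the adapter, which is where the judging comment places it.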