denzi_
High
minAmountOut set to 0 in _redeemPT() can cause loss of funds through redemption
Summary
In the contract PendlePrincipalToken.sol, the function _redeemPT() is used for PT redemption whether it is expired or not. This function redeems netSyOut amount of shares for TOKEN_OUT_SY, but it passes a hardcoded 0 as the minTokenOut parameter.
Vulnerability Detail
The function is:
Here the code first gets netSyOut and then redeems it for TOKEN_OUT_SY through this code
The 0 here is used for minTokenOut, which is a slippage parameter. This causes the trade to execute even on lower than estimated/desired returns, which causes loss of funds on the redemption. minTokenOut should be used so that the function reverts in situations where the price has changed, which can be done by external users (changing the reserves through flash loans etc.).
Impact
Loss of funds when redeeming.
Code Snippet
_redeemPT
Tool used
Manual Review
Recommendation
Enforce slippage protection by passing in minTokenOut
Duplicate of #70
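An added worked example, not taken from the report or the audited code base: a Python model of why a zero minTokenOut lets a redemption settle at any rate, and how a floor derived from a quote turns the same situation into a revert. The constant-product pool, its reserves, the 50 bps tolerance and every function name here are assumptions made for illustration.

```python
from dataclasses import dataclass


class SlippageError(Exception):
    """Stands in for an on-chain revert."""


@dataclass
class Pool:
    # Constructed constant-product pool (x * y = k) used as the price source.
    sy_reserve: int
    token_reserve: int

    def quote(self, sy_in: int) -> int:
        # Tokens received for selling sy_in; no fee, integer math rounds down.
        return (sy_in * self.token_reserve) // (self.sy_reserve + sy_in)

    def swap(self, sy_in: int) -> int:
        out = self.quote(sy_in)
        self.sy_reserve += sy_in
        self.token_reserve -= out
        return out


def redeem(pool: Pool, net_sy_out: int, min_token_out: int) -> int:
    """Redeem net_sy_out shares; revert if the output is below min_token_out."""
    out = pool.quote(net_sy_out)
    if out < min_token_out:
        raise SlippageError(f"received {out} < minTokenOut {min_token_out}")
    return pool.swap(net_sy_out)


def min_out_from_quote(quoted: int, tolerance_bps: int) -> int:
    # Floor computed by the caller from a fresh quote and an accepted tolerance.
    return quoted * (10_000 - tolerance_bps) // 10_000


def run_scenario(min_token_out_for):
    """Quote on a balanced pool, let reserves shift, then redeem.

    Returns (quoted, received); received is None when the redemption reverts.
    """
    pool = Pool(1_000_000, 1_000_000)
    quoted = pool.quote(10_000)
    pool.swap(500_000)  # constructed reserve change between quote and execution
    try:
        return quoted, redeem(pool, 10_000, min_token_out_for(quoted))
    except SlippageError:
        return quoted, None
```

With the floor hardcoded to 0 the redemption settles for less than half of the quoted amount; with the quote-derived floor the same call reverts and no funds move.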