Closed sherlock-admin2 closed 1 month ago
This issue doesn't make any sense, this contract is prepared to deposit an X amount of NST and later be able to withdraw >= X amount (excepting edge cases where a rounding down and a lack of nsr > RAY could provoke to be able to withdraw slightly less). So this is not a swap function or similar where you want to put boundaries as you could get caught in a bad trade.
zraxx
Medium
Function
deposit
andmint
have no slippage protection.Summary
The missing slippage protection for
deposit
andmint
inSNst.sol
will cause user unexpected deposit and mint.Root Cause
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/sdai/src/SNst.sol#L357-L360 https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/sdai/src/SNst.sol#L371-L374 No slippage protection for function
deposit
andmint
.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
When depositing, users are unable to obtain the expected share. When minting, users pay more assets than expected. Due to the lack of slippage protection, this could cause users to lose more than 1% of their assets.
PoC
No response
Mitigation
Add the slippage protection.