Mansa11 - Zero-Amount Swap Vulnerability in WOOFi Solana Protocol

[sherlock-admin3]

Mansa11

Medium

Zero-Amount Swap Vulnerability in WOOFi Solana Protocol

Summary

This protocol's swap function allows for zero-amount swaps, potentially leading to unintended protocol behavior, unnecessary gas consumption, and possible exploitation of price oracle updates.

Relevant links

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L135-L149

Details

The swap function in the WOOFi Solana protocol does not explicitly check for zero-amount swaps. When a user initiates a swap with a zero amount, the following sequence of events occurs:

• The swap_math::calc_quote_amount_sell_base function processes the zero amount without error, returning zero for the quote amount.
• No actual token transfer occurs, but the transfer functions are still called.
• Pool reserves are updated with zero values, which is a no-op but consumes gas.
• The Wooracle price is updated despite no actual trade occurring.
• A swap event is emitted with zero values.

This behavior, while not causing panics or runtime errors, can lead to inconsistent protocol state and potential exploitation.

Impact

The impact of this vulnerability includes:

1. Unnecessary gas consumption for zero-value operations.
2. Potential manipulation of price oracles without actual token movement.
3. Emission of misleading swap events with zero values.
4. Possible exploitation of fee mechanisms or other protocol features that rely on non-zero swap amounts.

Code snippet

    pub fn handler(ctx: Context<Swap>, from_amount: u128, min_to_amount: u128) -> Result<()> {
    // ... (earlier code omitted for brevity)

    let (_quote_amount, new_base_price) = swap_math::calc_quote_amount_sell_base(
        from_amount, //@audit no zero amount check
        woopool_from,
        &decimals_from,
        &state_from,
    )?;

    wooracle_from.post_price(new_base_price)?;

    // ... (later code omitted for brevity)
}

Recommendation

Implement a minimum swap amount check at the beginning of the swap handler function. This check should reject any swap attempts with zero or very small amounts that could lead to the identified issues. For example:

    pub fn handler(ctx: Context<Swap>, from_amount: u128, min_to_amount: u128) -> Result<()> {
    require!(from_amount > MINIMUM_SWAP_AMOUNT, ErrorCode::SwapAmountTooLow);
    // ... (rest of the function)
    }

You may also deode to Define MINIMUM_SWAP_AMOUNT as a constant that represents the smallest acceptable swap amount for the protocol. This will prevent zero-amount swaps and their associated issues while maintaining the integrity of the protocol's operations.

[toprince]

Good point. Need further investigation.

[sherlock-admin2]

The protocol team fixed this issue in the following PRs/commits: https://github.com/woonetwork/WOOFi_Solana/pull/44

[gjaldon]

A min_swap_amount is added to protect against zero-amount swaps.