Zero-Amount Swap Vulnerability in WOOFi Solana Protocol
Summary
This protocol's swap function allows for zero-amount swaps, potentially leading to unintended protocol behavior, unnecessary gas consumption, and possible exploitation of price oracle updates.
The swap function in the WOOFi Solana protocol does not explicitly check for zero-amount swaps. When a user initiates a swap with a zero amount, the following sequence of events occurs:
The swap_math::calc_quote_amount_sell_base function processes the zero amount without error, returning zero for the quote amount.
No actual token transfer occurs, but the transfer functions are still called.
Pool reserves are updated with zero values, which is a no-op but consumes gas.
The Wooracle price is updated despite no actual trade occurring.
A swap event is emitted with zero values.
This behavior, while not causing panics or runtime errors, can lead to inconsistent protocol state and potential exploitation.
Impact
The impact of this vulnerability includes:
Unnecessary gas consumption for zero-value operations.
Potential manipulation of price oracles without actual token movement.
Emission of misleading swap events with zero values.
Possible exploitation of fee mechanisms or other protocol features that rely on non-zero swap amounts.
Code snippet
pub fn handler(ctx: Context<Swap>, from_amount: u128, min_to_amount: u128) -> Result<()> {
// ... (earlier code omitted for brevity)
let (_quote_amount, new_base_price) = swap_math::calc_quote_amount_sell_base(
from_amount, //@audit no zero amount check
woopool_from,
&decimals_from,
&state_from,
)?;
wooracle_from.post_price(new_base_price)?;
// ... (later code omitted for brevity)
}
Recommendation
Implement a minimum swap amount check at the beginning of the swap handler function. This check should reject any swap attempts with zero or very small amounts that could lead to the identified issues. For example:
You may also deode to Define MINIMUM_SWAP_AMOUNT as a constant that represents the smallest acceptable swap amount for the protocol. This will prevent zero-amount swaps and their associated issues while maintaining the integrity of the protocol's operations.
Little Aquamarine Jellyfish
Medium
Zero-Amount Swap Vulnerability in WOOFi Solana Protocol
Summary
This protocol's
swap
function allows for zero-amount swaps, potentially leading to unintended protocol behavior, unnecessary gas consumption, and possible exploitation of price oracle updates.Relevant links
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L135-L149
Details
The
swap
function in the WOOFi Solana protocol does not explicitly check for zero-amount swaps. When a user initiates a swap with a zero amount, the following sequence of events occurs:swap_math::calc_quote_amount_sell_base
function processes the zero amount without error, returning zero for the quote amount.This behavior, while not causing panics or runtime errors, can lead to inconsistent protocol state and potential exploitation.
Impact
The impact of this vulnerability includes:
Code snippet
Recommendation
Implement a minimum swap amount check at the beginning of the swap handler function. This check should reject any swap attempts with zero or very small amounts that could lead to the identified issues. For example:
You may also deode to Define
MINIMUM_SWAP_AMOUNT
as a constant that represents the smallest acceptable swap amount for the protocol. This will prevent zero-amount swaps and their associated issues while maintaining the integrity of the protocol's operations.