sherlock-audit / 2024-10-axion

0 stars 1 forks source link

Missing Implementation in _validateSwap Function Allows Unchecked Swaps #16

Open CipherHawk0 opened 1 month ago

CipherHawk0 commented 1 month ago

Summary

The empty _validateSwap function will cause a low impact on the protocol's swap validation mechanism as it lacks implementation, potentially allowing unchecked swaps that may lead to unfavorable trading conditions or imbalances.

Root Cause

In SolidlyV3AMO.sol, the _validateSwap function is declared but not implemented. This omission means that any intended validation logic to ensure swaps occur under favorable conditions is missing, potentially allowing unchecked swaps.

Relevant Code Snippet: function _validateSwap(bool boostForUsd) internal view override {}

Internal pre-conditions

1-A swap operation is triggered by calling internal functions like _mintAndSellBoost or _unfarmBuyBurn. 2-The _validateSwap function is expected to perform necessary checks before allowing the swap to proceed.

External pre-conditions

1-The pool contract operates correctly and returns accurate swap results. 2-External market conditions do not inherently prevent unfavorable swaps, but the protocol relies on internal validations to enforce swap conditions.

Attack Path

1-The attacker or a user initiates a swap operation that would typically require validation. 2-Due to the empty _validateSwap function, no checks are performed to ensure the swap meets the protocol's conditions. 3-The swap proceeds unchecked, potentially resulting in unfavorable trading conditions or imbalances. 4-The protocol may experience reduced efficiency in liquidity management, leading to potential financial losses or destabilization of the BOOST peg.

Impact

The protocol experiences a low risk of unchecked swaps leading to unfavorable trading conditions or liquidity imbalances. While the absence of validation may not immediately result in financial loss, it undermines the protocol's robustness in managing swaps effectively.

PoC

// SPDX-License-Identifier: MIT pragma solidity 0.8.19;

import "./SolidlyV3AMO.sol";

contract SwapValidationAttackV3 { SolidlyV3AMO amo;

constructor(address amoAddress) {
    amo = SolidlyV3AMO(amoAddress);
}

function exploit() public {
    // Initiate a swap that would typically be validated
    // Due to missing implementation in _validateSwap, the swap proceeds unchecked
    amo._mintAndSellBoost(
        1e18,               // boostAmount
        1e16,               // minUsdAmountOut
        block.timestamp + 100 // deadline
    );
}

}

Mitigation

1-Implement Swap Validation Logic: Complete the _validateSwap function to perform necessary checks before allowing swaps to proceed.

function _validateSwap(bool boostForUsd) internal view override {
    // Example validation: Ensure that the swap does not exceed certain price thresholds
    uint256 currentPrice = boostPrice();
    if (boostForUsd) {
        require(currentPrice <= MAX_PRICE_THRESHOLD, "Swap price exceeds maximum threshold");
    } else {
        require(currentPrice >= MIN_PRICE_THRESHOLD, "Swap price below minimum threshold");
    }
}

2-Define Clear Validation Criteria: Establish and enforce specific conditions under which swaps are considered favorable or allowed. 3-Integrate Validation into Swap Functions: Ensure that _validateSwap is called at appropriate points within swap-related functions to enforce validations.

function _mintAndSellBoost(
    uint256 boostAmount,
    uint256 minUsdAmountOut,
    uint256 deadline
) internal override returns (uint256 boostAmountIn, uint256 usdAmountOut) {
    // Validate the swap before proceeding
    _validateSwap(boost < usd);
    // Proceed with swap logic
}

4-Comprehensive Testing: Develop unit tests that verify the effectiveness of the swap validation logic under various scenarios. 5-Regular Code Reviews: Ensure that all critical functions have complete and thorough implementations to prevent oversights.

calc1f4r commented 1 month ago

Check , it has not been used in solidlyv3amo.sol, it was in abstract only !