Open sherlock-admin2 opened 2 weeks ago
individual57721
Medium
The swap functions AmirX::swap(), AmirX:: defiToStablecoinSwap(), AmirX::stablecoinToDefiSwap() and AmirX::defiSwap() are lacking slippage protection.
AmirX::swap()
AmirX:: defiToStablecoinSwap()
AmirX::stablecoinToDefiSwap()
AmirX::defiSwap()
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L73-L164
No response
Frontrun, Sandwich attack (MEV-style attack) due to no slippage protection when swapping.
This issue may lead to the victim actor potentially suffering a loss from a sandwich attack by a malicious actor.
Attacker sandwich/frontruns swaps from victim users.
Consider allowing the user to specify a minimum amount out for the swap to protect them from sandwich attacks.
Add slippage checks and validate user's min amount out.
individual57721
Medium
The swap functions inside AmirX.sol are lacking slippage protection
Summary
The swap functions
AmirX::swap(),AmirX:: defiToStablecoinSwap(),AmirX::stablecoinToDefiSwap()andAmirX::defiSwap()are lacking slippage protection.Root Cause
https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L73-L164
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Frontrun, Sandwich attack (MEV-style attack) due to no slippage protection when swapping.
This issue may lead to the victim actor potentially suffering a loss from a sandwich attack by a malicious actor.
Attacker sandwich/frontruns swaps from victim users.
PoC
No response
Mitigation
Consider allowing the user to specify a minimum amount out for the swap to protect them from sandwich attacks.
Add slippage checks and validate user's min amount out.