Fixed Swap Ratios in Defi to Stable Coin Swaps Can Cause Permanent User Loss and XYZ Stablecoins Depegging
Summary
in defi to stable swaps, ss.tamount is fixed regardless of output amount of defi swap which is assigned to ss.oamount, this brings up two potential issues:
1- Potential permanent loss for users: in majority of defi to stable coin swaps, users receiving tamount by paying less oamount (profit) or receiving same tamount by paying more oamount(permanent loss)
2- XYZ stablecoins loss peg: Inconsistencies in the XYZ stablecoin reserves. Over time, this imbalance can prevent the XYZ tokens from maintaining their intended 1:1 peg, potentially leading to depegging.
Root Cause
In the defiToStablecoinSwap or swap(directional = true) functions, each swap has two parts:
Because the second swap uses a fixed ratio (tAmount for oAmount), any fluctuation in the first swap can result in users either facing permanent loss (e.g. paying more USDC for the same amount of XYZ) or gaining unintended benefits (paying less USDC for more XYZ). This inconsistency can also cause the reserves of the XYZ token to become imbalanced and not maintain the intended 1:1 peg, potentially leading to depegging.
Scenario:
Alice decides to swap 1 ETH (priced at 2700$) for 2700 XYZ token
Alice initiates the swap through Telecoin platform, agreeing to the ratios and setting 5% as the slippage tolerance
In this scenario which is very likely to happen, Alice made a permanent loss on this trade and XYZ reserves made a deviation from being 1:1, in this scenario each XYZ stable coin was traded 1.04$.
Internal pre-conditions
No response
External pre-conditions
The first coin in the defi to stable coin swap being and active and volatile token like ETH
Attack Path
No response
Impact
In the defiToStablecoinSwap function, the two-part swap process can lead to the:
1- Permanent loss for users, i.e paying more USDC for receiving less XYZ stablecoin
2- depegging of the XYZ tokens due to exchange rate fluctuations in the first swap.
The impact of this issue is higher if the first token in the defi to stable swap path is a token with a low marketcap, for example, if user decided to swap a volatile meme coin for an XYZ stable coin, the impact of this could be way higher (depends on slippage tolerance also)
rsam_eth
High
Fixed Swap Ratios in Defi to Stable Coin Swaps Can Cause Permanent User Loss and XYZ Stablecoins Depegging
Summary
in defi to stable swaps,
ss.tamountis fixed regardless of output amount of defi swap which is assigned toss.oamount, this brings up two potential issues: 1- Potential permanent loss for users: in majority ofdefi to stable coinswaps, users receivingtamountby paying lessoamount(profit) or receiving sametamountby paying moreoamount(permanent loss) 2- XYZ stablecoins loss peg: Inconsistencies in the XYZ stablecoin reserves. Over time, this imbalance can prevent the XYZ tokens from maintaining their intended 1:1 peg, potentially leading to depegging.Root Cause
In the
defiToStablecoinSwaporswap(directional = true)functions, each swap has two parts:1- Defi Swap: Performed via aggregators like
0xor1inch, where volatile tokens (e.g., ETH) are swapped for an intermediary token (e.g., USDC). The output amount here(ss.oAmount)can vary based on market conditions and prior transactions. https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L123 2- Stablecoin Swap: Swaps output of first swap (ss.oAmountofss.origin) for a fixedss.tAmountofss.target(an XYZ token in our example) https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L122-L127Because the second swap uses a fixed ratio (
tAmountforoAmount), any fluctuation in the first swap can result in users either facing permanent loss (e.g. paying more USDC for the same amount of XYZ) or gaining unintended benefits (paying less USDC for more XYZ). This inconsistency can also cause the reserves of the XYZ token to become imbalanced and not maintain the intended 1:1 peg, potentially leading to depegging.Scenario:
ss.oamountis set to2810e6: https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L122-L125_stablecoinSwapfunction, swapping2810e6ofss.originfor2700e18ofss.target: https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/StablecoinHandler.sol#L160-L180In this scenario which is very likely to happen, Alice made a permanent loss on this trade and XYZ reserves made a deviation from being 1:1, in this scenario each XYZ stable coin was traded 1.04$.
Internal pre-conditions
No response
External pre-conditions
defi to stable coin swapbeing and active and volatile token like ETHAttack Path
No response
Impact
In the
defiToStablecoinSwapfunction, the two-part swap process can lead to the: 1- Permanent loss for users, i.e paying more USDC for receiving less XYZ stablecoin 2-depeggingof theXYZtokens due to exchange rate fluctuations in the first swap.The impact of this issue is higher if the first token in the
defi to stableswap path is a token with a low marketcap, for example, if user decided to swap a volatile meme coin for an XYZ stable coin, the impact of this could be way higher (depends on slippage tolerance also)PoC
No response
Mitigation
No response