Swapping can be frontrun to provide a low rate for the user
Summary
Case 1 : The swap function in the AmirX contract is designed to handle both stablecoin and DeFi swaps based on the provided parameters. This function allows for directional control of the swap sequence (either starting with a DeFi swap or a stablecoin swap). However, upon review, it is observed that there is no slippage protection mechanism implemented within this function.
Case 2 : The defiToStablecoinSwap function performs a DeFi swap followed by a stablecoin swap. It adjusts the amount of the stablecoin swap (ss.oAmount) based on the balance change of the ss.origin token in the user's wallet after the DeFi swap. However, there is no mechanism to ensure that the rate of token exchange falls within an acceptable range defined by the user, commonly known as slippage protection.
Root Cause
Case #1 :
In the provided swap function:The function checks if ss.destination is not zero to determine if it is a stablecoin swap and similarly checks defi.walletData.length to validate a DeFi swap.
The function adjusts the amount of stablecoin to be swapped (ss.oAmount) based on the balance change after a DeFi swap, which suggests an attempt to handle the outcome of previous operations.
However, there is no explicit check or mechanism to ensure that the price slippage is within acceptable bounds. This is critical especially when the swap involves intermediary tokens or when dealing with high volatility tokens.
Case #2 :
The root cause of the vulnerability in the defiToStablecoinSwap function of the AmirX contract is the absence of slippage protection mechanisms. This function adjusts the output amount for a stablecoin swap based on the token balance before and after a DeFi swap without validating against a minimum expected amount of tokens to be received. This lack of validation allows the function to proceed with the stablecoin swap even if the DeFi swap results in significantly unfavorable token amounts due to market volatility or rapid price changes. Consequently, users are exposed to potential financial losses from high slippage, as the contract does not prevent or mitigate transactions under these unfavorable conditions.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Without a mechanism to limit slippage, transactions may execute at prices that are significantly different from those at the time of order submission.
Attacker can frontrun swaps to provide a less value to the end user.
PoC
No response
Mitigation
Implement a slippage protection
Introduce a parameter in the StablecoinSwap and/or DefiSwap structures to allow users to specify the maximum acceptable slippage.
calc1f4r
Medium
Swapping can be frontrun to provide a low rate for the user
Summary
Case 1 : The swap function in the AmirX contract is designed to handle both stablecoin and DeFi swaps based on the provided parameters. This function allows for directional control of the swap sequence (either starting with a DeFi swap or a stablecoin swap). However, upon review, it is observed that there is no slippage protection mechanism implemented within this function.
Case 2 : The defiToStablecoinSwap function performs a DeFi swap followed by a stablecoin swap. It adjusts the amount of the stablecoin swap (ss.oAmount) based on the balance change of the ss.origin token in the user's wallet after the DeFi swap. However, there is no mechanism to ensure that the rate of token exchange falls within an acceptable range defined by the user, commonly known as slippage protection.
Root Cause
Case #1 : In the provided swap function:The function checks if ss.destination is not zero to determine if it is a stablecoin swap and similarly checks defi.walletData.length to validate a DeFi swap. The function adjusts the amount of stablecoin to be swapped (ss.oAmount) based on the balance change after a DeFi swap, which suggests an attempt to handle the outcome of previous operations. However, there is no explicit check or mechanism to ensure that the price slippage is within acceptable bounds. This is critical especially when the swap involves intermediary tokens or when dealing with high volatility tokens.
Case #2 : The root cause of the vulnerability in the defiToStablecoinSwap function of the AmirX contract is the absence of slippage protection mechanisms. This function adjusts the output amount for a stablecoin swap based on the token balance before and after a DeFi swap without validating against a minimum expected amount of tokens to be received. This lack of validation allows the function to proceed with the stablecoin swap even if the DeFi swap results in significantly unfavorable token amounts due to market volatility or rapid price changes. Consequently, users are exposed to potential financial losses from high slippage, as the contract does not prevent or mitigate transactions under these unfavorable conditions.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Without a mechanism to limit slippage, transactions may execute at prices that are significantly different from those at the time of order submission.
Attacker can frontrun swaps to provide a less value to the end user.
PoC
No response
Mitigation
Implement a slippage protection Introduce a parameter in the StablecoinSwap and/or DefiSwap structures to allow users to specify the maximum acceptable slippage.