Code4rena: CODE423N4:2023-08-GOODENTRY-FINDINGS-ISSUES-550
Aug 07, 2023

Avoid the use of hard coded slippage

Code4rena
github.com

Lines of code

Vulnerability details

Impact

In OptionsPositionManager.sol, swapExactTokensForTokens() uses a hard-coded slippage of 1%. This function is used in the withdrawOptionAssets() and swapTokens() functions.

  function swapExactTokensForTokens(IUniswapV2Router01 ammRouter, IPriceOracle oracle, uint amount, address[] memory path) 
    internal returns (uint256 received)
  {
    if (amount > 0 && AmountsRouter(address(ammRouter)).getAmountsOut(amount, path)[1] > 0){
      checkSetAllowance(path[0], address(ammRouter), amount);
      uint[] memory amounts = ammRouter.swapExactTokensForTokens(
        amount, 
        getTargetAmountFromOracle(oracle, path[0], amount, path[1]) * 99 / 100, // allow 1% slippage  <-- hard-coded
        path, 
        address(this), 
        block.timestamp
      );
      received = amounts[1];
    }
  }

The first issue is that the user can end up giving away the full 1% regardless of the market situation, because there may not be enough tokens available. The second is that a user who knows that conditions are bad, or that there are not enough tokens available, and who is willing to run the exchange with a larger slippage cannot do so: there is no means to control the slippage, so the functionality ends up unavailable.

Proof of Concept

Tools Used

Manual Review

Recommended Mitigation Steps

Consider adding a function argument with a default value of 1%, so that the slippage can be tuned when needed.
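
A sketch of this mitigation, as an added example that is not the project's code or part of the original report: the tolerance becomes a basis-point argument, the 1% default is supplied through an overload (Solidity has no default argument values), and an upper bound keeps a caller from disabling the check. TunableSlippageSwap, _oracleTarget, minAmountOut, _swap and the 10% cap are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interface: only the Uniswap V2 router call used on this page.
interface IUniswapV2Router01 {
    function swapExactTokensForTokens(
        uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline
    ) external returns (uint[] memory amounts);
}

// Added example (hypothetical names): caller-tunable slippage with a safety cap.
abstract contract TunableSlippageSwap {
    uint16 internal constant DEFAULT_SLIPPAGE_BPS = 100;  // 1%, the value hard-coded in the report
    uint16 internal constant MAX_SLIPPAGE_BPS = 1000;     // assumed upper bound (10%)

    // Assumption: stands in for the project's getTargetAmountFromOracle(); signature simplified.
    function _oracleTarget(address tokenIn, uint amountIn, address tokenOut)
        internal view virtual returns (uint);

    // Minimum acceptable output for a tolerance given in basis points.
    function minAmountOut(uint target, uint16 slippageBps) public pure returns (uint) {
        require(slippageBps <= MAX_SLIPPAGE_BPS, "slippage too high");
        return target * (10_000 - slippageBps) / 10_000;
    }

    // Existing call sites keep the 1% behaviour through this overload.
    function _swap(IUniswapV2Router01 router, uint amount, address[] memory path)
        internal returns (uint received)
    {
        return _swap(router, amount, path, DEFAULT_SLIPPAGE_BPS);
    }

    // Callers that need a tighter or looser bound pass it explicitly.
    function _swap(IUniswapV2Router01 router, uint amount, address[] memory path, uint16 slippageBps)
        internal returns (uint received)
    {
        if (amount == 0) return 0;
        // Last path element is the output token (the report's code assumes a two-token path).
        uint target = _oracleTarget(path[0], amount, path[path.length - 1]);
        // Router approval (checkSetAllowance in the report's code) is omitted from this sketch.
        uint[] memory amounts = router.swapExactTokensForTokens(
            amount, minAmountOut(target, slippageBps), path, address(this), block.timestamp
        );
        received = amounts[amounts.length - 1];
    }
}
```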

Assessed type

Other

