Code4rena (code423n4), ID CODE423N4:2023-08-SHELL-FINDINGS-ISSUES-150
Aug 28, 2023 - 12:00 a.m.

Lack of slippage parameter in swap can cause losses for users


Lines of code
<https://github.com/code-423n4/2023-08-shell/blob/c61cf0e01bada04c3d6055acb81f61955ed600aa/src/proteus/EvolvingProteus.sol#L312>

Vulnerability details

Impact

Users can incur losses due to the lack of slippage control.
Slippage control helps safeguard user funds against the price falling below a certain threshold. Such a price drop can be caused by a frontrunning attack.

Proof of Concept

Take, for instance:
1. UserA tries to swap his xtoken for ytoken.
2. A malicious user, on seeing this, runs a frontrun attack which increases the volume of xtoken in the pool, lowering its price.
3. UserA's transaction goes through, but due to the reduced price of xtoken, it swaps for fewer ytokens than the user intended, thereby leading to losses for the user.

Tools Used

Manual review

Recommended Mitigation Steps

Add a slippage parameter to the swap functions.

Assessed type

Invalid Validation
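
An added example (not code from the report or from the Shell codebase) that replays the three steps of the proof of concept against a simplified pool and shows a `min_amount_out` check rejecting the degraded swap. The constant-product model, the reserves, the trade sizes and the 1% tolerance are assumptions made for illustration; EvolvingProteus uses a different curve.

```python
"""Simplified constant-product pool (x * y = k), integer math, no fees.
Assumed model for illustration only, not the EvolvingProteus curve."""


class SlippageExceeded(Exception):
    """Stands in for the revert an on-chain swap would raise."""


class Pool:
    def __init__(self, x_reserve: int, y_reserve: int):
        self.x = x_reserve
        self.y = y_reserve

    def quote_x_for_y(self, amount_in: int) -> int:
        # ytoken paid out for amount_in xtoken, rounded down.
        return self.y * amount_in // (self.x + amount_in)

    def swap_x_for_y(self, amount_in: int, min_amount_out: int = 0) -> int:
        out = self.quote_x_for_y(amount_in)
        # The mitigation: check before any state change, so a rejected
        # swap leaves the reserves untouched.
        if out < min_amount_out:
            raise SlippageExceeded(f"got {out}, wanted >= {min_amount_out}")
        self.x += amount_in
        self.y -= out
        return out


def min_out_for(quoted: int, tolerance_bps: int) -> int:
    # Lowest acceptable output for a tolerance in basis points.
    return quoted * (10_000 - tolerance_bps) // 10_000


def run_scenario(min_amount_out: int) -> int:
    # Constructed numbers: 1,000,000 of each token in the pool.
    pool = Pool(1_000_000, 1_000_000)
    pool.swap_x_for_y(100_000)  # step 2: an earlier trade adds xtoken
    return pool.swap_x_for_y(10_000, min_amount_out)  # step 3: UserA


if __name__ == "__main__":
    quoted = Pool(1_000_000, 1_000_000).quote_x_for_y(10_000)
    print("quoted at signing time:", quoted)
    print("received with no limit:", run_scenario(0))
    try:
        run_scenario(min_out_for(quoted, 100))
    except SlippageExceeded as exc:
        print("swap rejected:", exc)
```

With `min_amount_out` left at 0 the swap behaves like one with no slippage parameter: it always succeeds, whatever the pool state has become by execution time.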

