You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue
May 23, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
There is no slippage being enforced which allows any amount to be returned. The gives attackers the chance to steal funds from this transaction.
Vulnerability Detail
Because amountOutMinimum is hard coded to zero any value can be returned allowing these transactions to be sandwich attacked and allow an attack to steal most all funds.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
kiki_dev
high
UniV3SwapInput()
Missing slippage protectionSummary
There is no slippage being enforced which allows any amount to be returned. The gives attackers the chance to steal funds from this transaction.
Vulnerability Detail
Because
amountOutMinimum
is hard coded to zero any value can be returned allowing these transactions to be sandwich attacked and allow an attack to steal most all funds.Impact
Loss of funds
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L237
Tool used
Manual Review
Recommendation
Have a dynamic
amountOutMinimum
value that lets the protocol or user(ideal) choose the acceptable amount out.Duplicate of #673
The text was updated successfully, but these errors were encountered: