This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
kiki_dev - UniV3SwapInput() Missing slippage protection
#120
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
kiki_dev
high
UniV3SwapInput()Missing slippage protectionSummary
There is no slippage being enforced which allows any amount to be returned. The gives attackers the chance to steal funds from this transaction.
Vulnerability Detail
Because
amountOutMinimumis hard coded to zero any value can be returned allowing these transactions to be sandwich attacked and allow an attack to steal most all funds.Impact
Loss of funds
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L237
Tool used
Manual Review
Recommendation
Have a dynamic
amountOutMinimumvalue that lets the protocol or user(ideal) choose the acceptable amount out.Duplicate of #673
The text was updated successfully, but these errors were encountered: