You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
sherlock-admin opened this issue
May 23, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
Rebalancer executes swaps without slippage protection
Summary
The rebalancer contract calls USSD#UniV3SwapInput function that executes swaps without slippage protection. That will cause a loss of funds because of sandwich attacks.
Vulnerability Detail
The UniV3SwapInput function calls the Uniswap V3 function ExactInputParams to perform swaps (used to rebalance the protocol) but it is setting the param amountOutMinimum to 0, meaning there is no slippage protection in this swap.
Having set the amountOutMinimum param to 0 means there is no slippage protection in the swap. Therefore swaps will be sandwiched causing a loss of funds every time the protocol rebalances.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
TheNaubit
high
Rebalancer executes swaps without slippage protection
Summary
The rebalancer contract calls
USSD#UniV3SwapInput
function that executes swaps without slippage protection. That will cause a loss of funds because of sandwich attacks.Vulnerability Detail
The
UniV3SwapInput
function calls the Uniswap V3 functionExactInputParams
to perform swaps (used to rebalance the protocol) but it is setting the paramamountOutMinimum
to 0, meaning there is no slippage protection in this swap.Here is a similar report in the past: sherlock-audit/2023-01-derby-judging#64
Impact
Having set the
amountOutMinimum
param to 0 means there is no slippage protection in the swap. Therefore swaps will be sandwiched causing a loss of funds every time the protocol rebalances.Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L237
Tool used
Manual Review
Recommendation
Slippage parameter should be included in the function call and not be 0.
Duplicate of #673
The text was updated successfully, but these errors were encountered: