This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
Proxy - Not using slippage parameter or deadline while swapping on UniswapV3 #673
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Comments
github-actions
bot
added
High
This was referenced Jun 5, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Viktor_Cortess - Missing deadline checks allow pending transactions to be maliciously executed.
#248
Closed
This was referenced Jun 5, 2023
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Proxy
medium
Not using slippage parameter or deadline while swapping on UniswapV3
Summary
While making a swap on UniswapV3 the caller should use the slippage parameter
amountOutMinimumanddeadlineparameter to avoid losing funds.Vulnerability Detail
UniV3SwapInput()inUSSDcontract does not use the slippage parameteramountOutMinimumnordeadline.amountOutMinimumis used to specify the minimum amount of tokens the caller wants to be returned from a swap. UsingamountOutMinimum = 0tells the swap that the caller will accept a minimum amount of 0 output tokens from the swap, opening up the user to a catastrophic loss of funds via MEV bot sandwich attacks.deadlinelets the caller specify a deadline parameter that enforces a time limit by which the transaction must be executed. Without a deadline parameter, the transaction may sit in the mempool and be executed at a much later time potentially resulting in a worse price for the user.Impact
Loss of funds and not getting the correct amount of tokens in return.
Code Snippet
UniV3SwapInput()amountOutMinimumdeadlineTool used
Manual Review
Recommendation
Use parameters
amountOutMinimumanddeadlinecorrectly to avoid loss of funds.The text was updated successfully, but these errors were encountered: