This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
Proxy - Not using slippage parameter or deadline while swapping on UniswapV3 #673
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Comments
github-actions bot added the High and Has Duplicates labels on Jun 5, 2023.
This was referenced Jun 5, 2023: Viktor_Cortess - Missing deadline checks allow pending transactions to be maliciously executed. #248
Proxy
medium
Not using slippage parameter or deadline while swapping on UniswapV3
Summary
While making a swap on UniswapV3 the caller should use the slippage parameter amountOutMinimum and deadline parameter to avoid losing funds.
Vulnerability Detail
UniV3SwapInput() in USSD contract does not use the slippage parameter amountOutMinimum nor deadline.
amountOutMinimum is used to specify the minimum amount of tokens the caller wants to be returned from a swap. Using amountOutMinimum = 0 tells the swap that the caller will accept a minimum amount of 0 output tokens from the swap, opening up the user to a catastrophic loss of funds via MEV bot sandwich attacks.
deadline lets the caller specify a deadline parameter that enforces a time limit by which the transaction must be executed. Without a deadline parameter, the transaction may sit in the mempool and be executed at a much later time, potentially resulting in a worse price for the user.
Impact
Loss of funds and not getting the correct amount of tokens in return.
Code Snippet
UniV3SwapInput()
amountOutMinimum
deadline
Tool used
Manual Review
Recommendation
Use parameters amountOutMinimum and deadline correctly to avoid loss of funds.
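One way to apply the recommendation, as an added example that is not code from the USSD repository or from this report: a hypothetical GuardedSwapper wrapper that forwards a caller-supplied minimum output and deadline to the Uniswap V3 router's exactInput. The contract name, function name and revert strings are assumptions, and the sketch assumes the router has already been approved to spend the input token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of the Uniswap V3 periphery router interface (exactInput only).
interface ISwapRouter {
    struct ExactInputParams {
        bytes path;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
    }

    function exactInput(ExactInputParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

// Hypothetical wrapper for illustration; not the USSD contract.
contract GuardedSwapper {
    ISwapRouter public immutable uniRouter;

    constructor(ISwapRouter router) {
        uniRouter = router;
    }

    // minAmountOut: lowest acceptable output, derived by the caller from a
    //   quote or price oracle minus its slippage tolerance (assumption).
    // deadline: absolute timestamp chosen when the transaction is signed.
    //   Passing block.timestamp here would give no protection, because that
    //   value is read at execution time and always satisfies the router check.
    function swapExactInput(
        bytes memory path,
        uint256 amountIn,
        uint256 minAmountOut,
        uint256 deadline
    ) external returns (uint256 amountOut) {
        // A zero bound accepts any output, which is the case the finding describes.
        require(minAmountOut > 0, "slippage bound required");
        // Fail early if the transaction was held past the signed deadline.
        require(block.timestamp <= deadline, "deadline passed");

        amountOut = uniRouter.exactInput(
            ISwapRouter.ExactInputParams({
                path: path,
                recipient: address(this),
                deadline: deadline,
                amountIn: amountIn,
                amountOutMinimum: minAmountOut
            })
        );
    }
}
```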