ni8mare - No slippage protection in swap functions of UniswapExtension.sol

[sherlock-admin]

ni8mare

medium

No slippage protection in swap functions of UniswapExtension.sol

Summary

There are no checks for slippage protection for users when uniV3ExactInputInternalis used.

Vulnerability Detail

The function uniV3ExactInputInternal performs swap using the uniswapV3 swap function. This swap function takes recipient, zeroForOne, amountSpecified, sqrtPriceLimitX96, data as its parameters.

But, the problem arises here when sqrtPriceLimitX96(represents the square root of the lowest or highest price that you are willing to perform the trade at) is hard coded to TickMath.MAX_SQRT_RATIO - 1 or TickMath.MIN_SQRT_RATIO + 1, meaning that we are willing to take the worst possible rate (highest price in the event we are trading 1 => 0; lowest price in the event we are trading 0 => 1) and hence a user is susceptible to slippage.

Impact

As there is no slippage protection, users can get tokens lower than expected and can also be subjected to frontrunning attacks.

Code Snippet

In uniV3ExactInputInternal:

function uniV3ExactInputInternal(
    uint256 amountIn,
    address recipient,
    UniV3SwapData memory data
) internal returns (uint256 amountOut) {
    (address tokenIn, address tokenOut, uint24 fee) = data
        .path
        .decodeFirstPool();

    bool zeroForOne = tokenIn < tokenOut;

    (int256 amount0, int256 amount1) = IUniswapV3Pool(
        getUniV3Pool(tokenIn, tokenOut, fee)
    ).swap(
            recipient,
            zeroForOne,
            amountIn.toInt256(),
            zeroForOne
                ? TickMath.MIN_SQRT_RATIO + 1
                : TickMath.MAX_SQRT_RATIO - 1,
            abi.encode(data)
        );

    return uint256(-(zeroForOne ? amount1 : amount0));
}

Tool used

Manual Review

Recommendation

Make the user input a slippage parameter instead of hardcoding values to ensure that the amount of token they receive back from Uniswap is in line with what they expect. Please check this issue