Daring Mustard Crab
Medium
- The
_tokenToPairedLpTokenfunction exposes users to slippage risk during token swaps. - The function lacks a defined minimum output (_amountOutMin) in certain swaps, especially for non-rewards tokens.
Severity: Medium Impact: Medium Likelihood: Medium
_amountOut = _swap(_token, _swapOutputTkn, _amountIn, 0);
...
try DEX_ADAPTER.swapV3Single(
_rewardsToken,
_swapOutputTkn,
REWARDS_POOL_FEE,
_amountIn,
0, // _amountOutMin can be 0 because this is nested inside of function with LP slippage provided
address(this)
) returns (uint256 __amountOut)- Issue: The function allows token swaps with _amountOutMin set to 0, leading to possible significant slippage.
- Security Breakdown: No fail-safe or minimum output check for token swaps, which could result in the user receiving fewer tokens than expected due to price fluctuations.
- Propagation: If the market fluctuates significantly, this slippage could lead to financial loss.
- This issue does not allow immediate exploits or breaches.
- The vulnerability poses a risk of financial loss through slippage, especially in volatile or low-liquidity conditions.
- The likelihood of slippage is higher in volatile markets or low-liquidity conditions.
- In normal trading environments, this risk is less likely to occur.
- Fix: Introduce a minimum output parameter (_amountOutMin) for all token swaps to protect against excessive slippage:
uint256 _slippageTolerance = 5; // Example: 5% slippage tolerance
uint256 _amountOutMin = (_amountIn * (100 - _slippageTolerance)) / 100;
_amountOut = _swap(_token, _swapOutputTkn, _amountIn, _amountOutMin);- Benefit: This ensures that users only receive a swap if the output meets a minimum threshold, thus preventing significant losses from slippage.