Skip to content

Latest commit

 

History

History
38 lines (31 loc) · 1.75 KB

048.md

File metadata and controls

38 lines (31 loc) · 1.75 KB

qbs

high

Missing deadline check and hardcoded slippage in UniV3SwapInput function

Summary

The UniV3SwapInput function in the USSD contract contains two vulnerabilities: a missing deadline check and a hardcoded slippage value.

Vulnerability Detail

  1. Missing deadline check: The UniV3SwapInput function prepares an ExactInputParams struct to be passed as an argument to the Uniswap router's exactInput function. However, the code comments out the assignment of the deadline value in the struct, resulting in a revert on the exactInput call.

  2. Hardcoded slippage value: The exactInput function of the Uniswap router receive a amountOutMinimum parameter that specifies the minimum acceptable amount of output tokens in a swap. In the UniV3SwapInput function, this value is hardcoded to 0. Setting a slippage value of 0 means that the user accepts any output token amount, exposing them to potential losses through manipulative MEV (Miner Extractable Value) bot sandwich attacks.

Impact

Code Snippet

USSD.sol#L227-240

    function UniV3SwapInput(
        bytes memory _path,
        uint256 _sellAmount
    ) public override onlyBalancer {
        IV3SwapRouter.ExactInputParams memory params = IV3SwapRouter
            .ExactInputParams({
                path: _path,
                recipient: address(this),
                //deadline: block.timestamp,
                amountIn: _sellAmount,
                amountOutMinimum: 0
            });
        uniRouter.exactInput(params);
    }

Tool used

Manual Review

Recommendation

Allow users to define their own deadline and amountOutMinimum parameters" check grammar correctness