n1punp - Missing slippage control validation in opening position function in AuraSpell #32

sherlock-admin · 2023-04-30T15:46:19Z

n1punp

high

Missing slippage control validation in opening position function in AuraSpell

Summary

Missing slippage control validation in opening position function in AuraSpell

Vulnerability Detail

Users who try to open position in Aura pool via Blueberry can get sandwiched attack, leading to the user potentially getting 0 lp amount from swaps, and the tx will still succeed.

Impact

All your farmers to the Aura pool will get sandwiched and wrecked.

Code Snippet

https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/spell/AuraSpell.sol#L63-L147

Tool used

Manual Review

Recommendation

Add slippage control for minLPAmount and check with the obtained lpAmount.

Duplicate of #121

github-actions bot closed this as completed May 3, 2023

github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels May 3, 2023

sherlock-admin added the Reward A payout will be made for this issue label May 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

n1punp - Missing slippage control validation in opening position function in AuraSpell #32

n1punp - Missing slippage control validation in opening position function in AuraSpell #32

sherlock-admin commented Apr 30, 2023 •

edited by github-actions bot

Loading

n1punp - Missing slippage control validation in opening position function in AuraSpell #32

n1punp - Missing slippage control validation in opening position function in AuraSpell #32

Comments

sherlock-admin commented Apr 30, 2023 • edited by github-actions bot Loading

Missing slippage control validation in opening position function in AuraSpell

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-admin commented Apr 30, 2023 •

edited by github-actions bot

Loading