# Function withdraw may be reverted due to hardcoded slippage during market turbulence conditions. #711
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-150
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
0xSorryNotSorry marked the issue as duplicate of #814 |
|
Picodes marked the issue as duplicate of #588 |
c4-judge
added
duplicate-588
satisfactory
|
Picodes marked the issue as satisfactory |
|
Picodes marked the issue as not a duplicate |
|
Picodes marked the issue as duplicate of #150 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/WstEth.sol#L60
Vulnerability details
Function withdraw may be reverted due to hardcoded slippage during market turbulence conditions.
WstEth.sol has a hardcoded maxSlipage as 1%. It could revert the withdraw function during sudden price crashes.
Proof of Concept
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/WstEth.sol#L35
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/WstEth.sol#L60
Due to hard coded maxSlippage owner unable to define minOut so that its a constant (relative to the input parameter amount) , eventually Owner unable to perform the withdraw function during price crash conditions.
Tools Used
Manual Auditing
Recommended Mitigation Steps
Remove the hard coded maxSlippage & let owner to determine the maximum slippage he's willing to take with the current market condition as a
input parameter for the withdraw function.
The text was updated successfully, but these errors were encountered: