This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
caventa - Curve token swap will likely to fail because fee and slippage consideration are excluded #108
Comments
github-actions
bot
added
Medium
sherlock-admin2
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
caventa
medium
Curve token swap will likely to fail because fee and slippage consideration are excluded
Summary
Token swap in Curve Finance will likely to fail because it does not consider fee and slippage.
Vulnerability Detail
The code does not account for slippage or trading fees. It uses the output from get_dy to directly set the minimum acceptable output in the exchange function. However, get_dy only provides an estimate and does not include potential slippage or fees incurred during the swap.
Impact
Due to the lack of slippage and fee consideration, there's a significant risk that the actual output of the swap will be less than the input amount, leading the transaction to fail. This can result in wasted gas fees and a failed swap.
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/utils/SdtUtilities.sol#L150-L152
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/utils/SdtUtilities.sol#L93-L96
Tool used
Manual Review
Recommendation
Introduce a slippage tolerance percentage to calculate the minimum acceptable output amount.
Duplicate of #180
The text was updated successfully, but these errors were encountered: