There is no slippage protection in the function swapRWAtoStbc/swapRWAtoStbcIntent.

Summary

there is slippage check in the function swap but there is no slippage protection in the function swapRWAtoStbc/swapRWAtoStbcIntent. As a result, users can get less usd0 tokens than expected.

Root Cause

there is minAmountOut parameter in the function swap but there is no minAmountOut parameter in the function swapRWAtoStbc/swapRWAtoStbcIntent.

Internal pre-conditions

No response

External pre-conditions

rwa token oracle price against usd can decrease before the user transaction.

Attack Path

Let’s assume, 1 rwa token oracle price is 1 usd. Alice calls the function swapRWAtoStbc with 100 rwa tokens to get 100 usdc.
Before alice’s function swapRWAtoStbc execution, 1 rwa token oracle price is updated to 0.9 usd.
As 1 rwa token oracle price is updated to 0.9 usd, so alice gets 90 usdc for 100 rwa tokens which is unexpected/unfair for alice because alice’s expectation was to get 100 usdc for 100 rwa token.

https://github.com/sherlock-audit/2024-10-usual-labs-v1/blob/main/pegasus/packages/solidity/src/daoCollateral/DaoCollateral.sol#L768

Impact

users can get less usd0 than expected.

PoC

No response

Mitigation

put minAmountOut parameter check in the function swapRWAtoStbc/swapRWAtoStbcIntent.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

097.md

097.md

There is no slippage protection in the function swapRWAtoStbc/swapRWAtoStbcIntent.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

097.md

Latest commit

History

097.md

File metadata and controls

There is no slippage protection in the function swapRWAtoStbc/swapRWAtoStbcIntent.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation