Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure Slippage and Deadline Checks in UniswapV3 Swap #33

Closed
c4-bot-4 opened this issue Jan 20, 2024 · 4 comments
Closed

Ensure Slippage and Deadline Checks in UniswapV3 Swap #33

c4-bot-4 opened this issue Jan 20, 2024 · 4 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-24 edited-by-warden insufficient quality report This report is not of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-4
Copy link
Contributor

c4-bot-4 commented Jan 20, 2024
edited by c4-bot-2
Loading

Lines of code

https://github.com/code-423n4/2024-01-decent/blob/main/src/swappers/UniSwapper.sol#L130
https://github.com/code-423n4/2024-01-decent/blob/main/src/swappers/UniSwapper.sol#L150
https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/base/PeripheryValidation.sol#L8

Vulnerability details

Impact

missing zero check:

The amountOutMinimum is intended to be set to swapParams.amountOut, but it is crucial to verify that it is not checked with a zero value. Allowing amountOutMinimum = 0 informs the swap that the caller is willing to accept a minimum amount of 0 output tokens, exposing the user to a potential catastrophic loss of funds through MEV bot sandwich attacks.

missing deadline:

The deadline parameter allows the caller to specify a time limit by which the transaction must be executed. Without a deadline parameter, the transaction may linger in the mempool and be executed at a later time, potentially resulting in a worse price for the user.

uniswap deadline checks

It is also important to include an expiration deadline to prevent slippage attacks. If the deadline parameter is commented out, it can lead to a zero start for the deadline parameter, preventing any transaction from occurring. This is because SwapRouter.sol in UniswapV3 has a checkDeadline modifier that verifies if block.timestamp >= deadline; otherwise, it reverts.

Proof of Concept

The missing zero check and the absence of a set deadline can be identified in the following:

https://github.com/code-423n4/2024-01-decent/blob/main/src/swappers/UniSwapper.sol#L130

https://github.com/code-423n4/2024-01-decent/blob/main/src/swappers/UniSwapper.sol#L150

https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/base/PeripheryValidation.sol#L8

Tools Used

Manual

Recommended Mitigation Steps

Check whether swapParams.amountOut is zero or not, and set the correct deadline.

Assessed type

Uniswap
@c4-bot-4 c4-bot-4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Jan 20, 2024
c4-bot-4 added a commit that referenced this issue Jan 20, 2024
@c4-bot-4
dgnnn issue #33
5f86a83
@c4-pre-sort
Copy link

raymondfam marked the issue as insufficient quality report

@c4-pre-sort c4-pre-sort added the insufficient quality report This report is not of sufficient quality label Jan 23, 2024
@c4-pre-sort
Copy link

raymondfam marked the issue as duplicate of #24

@raymondfam
Copy link

Slippage is already in place as commented in SwapParams.

@c4-judge
Copy link

c4-judge commented Feb 1, 2024

alex-ppg marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-24 edited-by-warden insufficient quality report This report is not of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@raymondfam @c4-judge @c4-pre-sort @code4rena-admin @c4-bot-4