Skip to content

Latest commit

 

History

History
57 lines (38 loc) · 2.34 KB

029.md

File metadata and controls

57 lines (38 loc) · 2.34 KB

Late Hotpink Dinosaur

Medium

Missing Slippage Protection in DeFi to Stablecoin Swaps

Summary

Missing intermediate output validation in multi-step swaps will cause a loss of funds for protocol as cases like fee-on-transfer tokens can result in less tokens being available for subsequent stablecoin swap than intended. User gets fixed target stablecoin and protocol takes on losses.

Root Cause

In AmirX.sol:defiToStablecoinSwap() and swap() where both defi and stableswap are being performed, the intermediate amount check doesn't account for potential token transfer fees: https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L125

function defiToStablecoinSwap(
    address wallet,
    StablecoinSwap memory ss,
    DefiSwap memory defi
) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
    uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
    _defiSwap(wallet, defi); // @audit if token has transfer fee
    uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
    ss.oAmount = fBalance - iBalance; // @audit reduced by fee amount
    _stablecoinSwap(wallet, ss);
}

Same problem in swap at https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L93

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. User performs defiToStablecoinSwap with a fee-on-transfer token
  2. The DeFi swap executes successfully (meeting its own slippage requirements)
  3. During token transfer, fee is deducted (if a fee-on-transfer token is used)
  4. The reduced amount flows into stablecoin swap
  5. Even though user receives the fixed target stablecoin, the protocol has loss equivalent to the difference.

Impact

Protocol suffer unpredictable losses as fee-on-transfer tokens, particularly those with dynamic fees that change based on transaction size or timing, can result in significantly reduced intermediate amounts. Even if protocl account for known transfer fees, missing slippage protection means they cannot guard against dynamic fee changes that may occur during transaction execution. Without a minimum intermediate amount check, the reduced token amount is automatically used in the subsequent stablecoin swap, leading to worse-than-expected final output.

PoC

No response

Mitigation

No response