Late Hotpink Dinosaur
Medium
Lack of target amount adjustment in swap and defiToStablecoinSwap will cause a loss of funds for the protocol.
In AmirX.sol at https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/swap/AmirX.sol#L111, the target amount (tAmount) in stablecoin swap remains fixed even when the DeFi swap portion yields a lower amount than expected e.g. because of the partial fill for the swap order. Such partial fills will pass slippage checks of defiswap but will likely result in losses to the protocol when price of the DeFi asset drops.
function defiToStablecoinSwap(
address wallet,
StablecoinSwap memory ss,
DefiSwap memory defi
) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
_verifyDefiSwap(wallet, defi);
_verifyStablecoinSwap(wallet, ss);
uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
_defiSwap(wallet, defi);
uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
ss.oAmount = fBalance - iBalance; // Only origin amount adjusted
_stablecoinSwap(wallet, ss); // Target amount remains fixed
}Similar issue exist for swap method when called for defi followed by stablecoin swap.
No response
No response
- User initiates defiToStablecoinSwap (1000 worth of DeFi TOKEN → Expected 1000 stablecoin origin → Fixed 1000 stablecoin target).
- Lower output of stablecoin origin occurs due to partial fill (50% filled due to liquidity issues)
- Protocol provides fixed 1000 target stablecoin despite receiving less.
- Price of the DeFi TOKEN drops, e.g. 10-15%. Protocol is at loss of 50% of 10-15% which is 5-7.5% of trade value.
The protocol suffers potential loss due to the difference between expected and actual fill in the DeFi swap portion, while still being obligated to provide the full fixed target amount.
No response
No response