Tall Burgundy Nightingale
High
Lack of slippage control in swap operations will cause significant token value loss for users as malicious actors can manipulate token prices during the pending transaction period through sandwich attacks.
The choice to omit minimum output amount validation in StablecoinSwap and DefiSwap structs is a mistake as it leaves users exposed to price manipulation between transaction submission and execution.
User needs to submit a swap transaction with specific oAmount and tAmount values
Transaction needs to be pending in the mempool for sufficient time (usually 1-2 blocks)
User submits swap transaction to exchange Token A for Token B with amount X
Attacker sees this pending transaction in mempool
Attacker frontrun user's transaction with large buy of Token B, driving price up
User's transaction executes at inflated price, receiving less Token B than expected
Attacker backruns with sell of Token B at higher price
Attacker profits from price difference, user receives significantly less tokens
Users can suffer unlimited slippage losses on swaps, potentially receiving far fewer tokens than intended
No response
Add minOutputAmount to swap structs:
struct StablecoinSwap {
// existing fields
uint256 minOutputAmount; // Minimum tokens to receive
}Add validation in verification:
function _verifyStablecoinSwap(address wallet, StablecoinSwap memory ss) internal view {
require(ss.tAmount >= ss.minOutputAmount, "Slippage too high");
// existing checks
}