Bright Violet Crocodile
Medium
Defi swaps via AmirX::swap() modify the ss.oAmount to take slippage and fees into account and not transfer ss.origin tokens out of the wallet. However, it does not update ss.tAmount or ss.feeAmount which means users always get these same amounts and pay the same fees regardless of the slippage that happened in the swap, ending up paying too much or too little compared to the amount received.
In AmirX:93, ss.tAmount and ss.feeAmount are not updated according to the amounts swapped.
None.
None.
- Swapper calls
AmirX::swap()withdirectionalto true.
ss.oAmount is updated to fBalance - iBalance to reflect the slippage that happened but ss.tAmount and ss.feeAmount remain the same regardless of slippage. Thus, users will under/overpay for the same ss.tAmount.
function swap(
address wallet,
bool directional,
StablecoinSwap memory ss,
DefiSwap memory defi
) external payable onlyRole(SWAPPER_ROLE) whenNotPaused {
// checks if it will fail
if (ss.destination != address(0)) _verifyStablecoinSwap(wallet, ss);
if (defi.walletData.length != 0) _verifyDefiSwap(wallet, defi);
if (directional) {
// if only defi swap
if (ss.destination == address(0)) _defiSwap(wallet, defi);
else {
// if defi then stablecoin swap
//check balance to adjust second swap
uint256 iBalance = ERC20(ss.origin).balanceOf(wallet);
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
uint256 fBalance = ERC20(ss.origin).balanceOf(wallet);
//change balance to reflect change
if (fBalance - iBalance != 0) ss.oAmount = fBalance - iBalance;
_stablecoinSwap(wallet, ss);
}
} else {
// if stablecoin swap
_stablecoinSwap(wallet, ss);
// if only stablecoin swap
if (defi.walletData.length != 0) _defiSwap(wallet, defi);
}
}Update ss.tAmount and ss.feeAmount according to the slippage that took place.