Hardcoded Pool Selection in ZetaTokenConsumerTrident Contract #152
Comments
QA might be more appropriate
DadeKuma marked the issue as insufficient quality report
0xean marked the issue as unsatisfactory:
Hey, Really appreciate your review but I disagree with the decision. Above are the two issues that are very similar to what I've submitted. Due to the hard coding of
There isn't a loss of funds as there is slippage protection and users expect to get at least
leaving as marked. This is equivalent to saying the contract should actually calculate the best multi transaction route also because a user would get a better rate. While true, it doesn't mean it qualifies as M
(final decision here)
Lines of code
https://github.com/code-423n4/2023-11-zetachain/blob/main/repos/protocol-contracts/contracts/evm/tools/ZetaTokenConsumerTrident.strategy.sol#L88
https://github.com/code-423n4/2023-11-zetachain/blob/main/repos/protocol-contracts/contracts/evm/tools/ZetaTokenConsumerTrident.strategy.sol#L154
Vulnerability details
Impact
pairPools[0]) when executing swaps. This rigid approach may lead to suboptimal swap rates and increased transaction costs for users. Suboptimal swaps result in users receiving fewer tokens than they should for the same input, significantly impacting their trading experience. Users may suffer financial losses due to the inefficiencies in the contract's token swap mechanism.
Proof of Concept
Consider the following:
getZetaFromEth function providing the destination address and the minAmountOut she wants
getZetaFromEth is getting the list of pools by using this line
pool[0] when performing the swap.
pool for the swap.
As the function is consistently selecting the first pool (pairPools[0]), it may not opt for the most liquid pool available. Consequently, this results in suboptimal swap rates for users, causing them to receive fewer ZetaTokens than they should have received for the same amount of ETH input.
Tools Used
Manual Review
Recommended Mitigation Steps
To address and mitigate the identified vulnerability, it is essential to make the contract's pool selection process dynamic, allowing it to choose the pool with the highest liquidity for each swap. Here are the recommended mitigation steps:
Dynamic Pool Selection: Modify the getZetaFromEth function to dynamically select the pool with the highest liquidity for the intended swap. Achieve this by iterating through the available pools and evaluating their liquidity.
Assessed type
Error
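The mitigation proposed in the report, choosing among pairPools instead of always taking pairPools[0], is illustrated below while keeping the minAmountOut slippage bound the judges refer to. This is an added example, not code from the ZetaChain repository or from the report's author. The IQuotablePool interface, the BestPoolSelector library and the MAX_POOLS bound are hypothetical, and the example ranks pools by quoted output for the actual trade size rather than by raw liquidity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // custom errors require 0.8.4 or later

// Hypothetical minimal pool interface for this example; it is NOT the
// pool interface used by ZetaTokenConsumerTrident.
interface IQuotablePool {
    // Expected output for swapping `amountIn` of `tokenIn` at current reserves.
    function quote(address tokenIn, uint256 amountIn) external view returns (uint256 amountOut);
}

library BestPoolSelector {
    // Assumed upper bound on pools inspected, so gas cost stays predictable.
    uint256 internal constant MAX_POOLS = 8;

    error NoPools();
    error InsufficientOutput(uint256 bestOut, uint256 minAmountOut);

    /// Returns the pool with the highest quoted output for this trade.
    /// Reverts when the list is empty, when no pool returns a non-zero
    /// quote, or when the best quote is below the caller's minAmountOut.
    function selectPool(
        address[] memory pairPools,
        address tokenIn,
        uint256 amountIn,
        uint256 minAmountOut
    ) internal view returns (address bestPool, uint256 bestOut) {
        uint256 n = pairPools.length;
        if (n == 0) revert NoPools();
        if (n > MAX_POOLS) n = MAX_POOLS;

        for (uint256 i = 0; i < n; i++) {
            // A pool whose quote call reverts is skipped instead of aborting the swap.
            try IQuotablePool(pairPools[i]).quote(tokenIn, amountIn) returns (uint256 out) {
                if (out > bestOut) {
                    bestOut = out;
                    bestPool = pairPools[i];
                }
            } catch {}
        }

        // bestPool stays address(0) when every quote was zero or reverted.
        if (bestPool == address(0) || bestOut < minAmountOut) {
            revert InsufficientOutput(bestOut, minAmountOut);
        }
    }
}
```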