Description

The GTERouter contract includes the _executeUniV2SwapExactTokensForTokens function, which is called in a loop from the executeRoute function to perform a sequence of swaps.

The caller supplies an initial amountIn and a set of hops data describing the individual swap steps. The amountIn is transferred to the GTERouter at the beginning of executeRoute, but for the first swap, _executeUniV2SwapExactTokensForTokens uses the amountIn defined within the hop parameters rather than the amountIn passed directly to executeRoute.

However, there is no check to ensure that the amountIn specified in the first hop actually matches the user's provided amountIn. This opens the possibility for a mismatch between the actual funds deposited and the parameters used in the first swap.

Impact

If the amountIn in the first swap is manipulated or incorrect, the GTERouter may attempt to perform a swap using an unintended or mismatched amount. This can lead to unexpected swap behavior and cause funds to be incorrectly routed or swapped.

Recommendations

Consider using the route.prevAmountOut for all swaps, including the first.

Remediation

This issue has been acknowledged by Liquid Labs, Inc., and a fix was implemented in commit 45ab6c74↗.

Liquid Labs, Inc. provided the following response to this finding:

For Uniswap v2 swaps, the amountIn is now always the previous hop’s amount out. The previous amount out defaults to executeRoute’s amount in for the first hop.