Category: Business Logic
Unchecked slippage may lead to sandwich attacks
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
The swapAndTransfer function in EurekaHandler allows users to swap one token for another before transferring the output token via ics20. The swap is performed on the swapRouter using a low-level call with the calldata swapCalldata. It is unclear how swapCalldata is created: it comes directly from the input, so the minimum amount of output tokens encoded in it might be 0 or something less than expected.
Impact
Swaps could be sandwiched, causing a loss of funds for users.
Recommendations
Slippage parameters should be verified in the calldata, or an additional min output amount could be added in swapAndTransfer, which could be used to verify the amount after the swap.
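The second recommendation, sketched as an added example that is not EurekaHandler's own code: the handler measures its output-token balance around the opaque router call and reverts if the difference is below a caller-supplied minimum. The contract name, function name, parameter list, custom errors and the assumption that both tokens return a bool from transferFrom and approve are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface used by this sketch.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical handler: names, parameters and layout are assumptions,
// not EurekaHandler's real interface.
contract SlippageCheckedSwap {
    address public immutable swapRouter;

    error SwapFailed(bytes reason);
    error InsufficientOutput(uint256 received, uint256 minAmountOut);

    constructor(address _swapRouter) {
        swapRouter = _swapRouter;
    }

    function swapWithMinOut(
        address tokenIn,
        uint256 amountIn,
        address tokenOut,
        uint256 minAmountOut,
        bytes calldata swapCalldata
    ) external returns (uint256 amountOut) {
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(IERC20(tokenIn).approve(swapRouter, amountIn), "approve failed");

        // Snapshot the output balance so only tokens produced by this swap count.
        uint256 balanceBefore = IERC20(tokenOut).balanceOf(address(this));

        // Opaque router call: the handler cannot rely on any minimum encoded in it.
        (bool ok, bytes memory ret) = swapRouter.call(swapCalldata);
        if (!ok) revert SwapFailed(ret);

        // Checked arithmetic reverts if the balance unexpectedly decreased.
        amountOut = IERC20(tokenOut).balanceOf(address(this)) - balanceBefore;

        // Enforce the caller's bound regardless of what swapCalldata contained.
        if (amountOut < minAmountOut) revert InsufficientOutput(amountOut, minAmountOut);

        // The ics20 transfer of amountOut would follow here (outside this sketch).
    }
}
```

Because the check runs on the measured balance delta, it holds even when the calldata's own minimum is 0 or the router ignores it.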