0xeix
medium
in USSD.sol, in UniswapV3Input() there is no check for slippage
UniswapV3Input() function and ExactInputParams() inside of it allow for 100% slippage tolerance that can lead to MEV attacks. amountOutMin parameter in ExactInputParams() is used for slippage tolerance. And "0" here basically means that there is 100% slippage tolerance. This makes the contract an easy target for MEV bots to make flash loan sandwich attacks on each of the swaps resulting in a very big slippage on every swap.
Medium-risk vulnerability because such slippage tolerance can be easily resulted in protocol receiving much less value than it should receive as the function UniswapV3Input() is used in USSDRebalancer.sol
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L237
Manual Review
amountOutMin should be calculated properly or the corresponding functions where UniswapV3Input() is called should be only callable by a trusted address who will send the tx through a private mempool.