tallo
high
Inside uniswap's IV3SwapRouter.sol interface the amountOutMinimum variable is a configurable safeguard that specifies the minimum number of tokens that the user would be satisfied to receive.
struct ExactInputParams {
bytes path;
address recipient;
uint256 amountIn;
uint256 amountOutMinimum;
}Inside USSD.sol, this value is hardcoded to 0 meaning the contract is willing to accept 0 or greater tokens from the swap.
function UniV3SwapInput(
bytes memory _path,
uint256 _sellAmount
) public override onlyBalancer {
IV3SwapRouter.ExactInputParams memory params = IV3SwapRouter
.ExactInputParams({
path: _path,
recipient: address(this),
//deadline: block.timestamp,
amountIn: _sellAmount,
amountOutMinimum: 0
});
uniRouter.exactInput(params);
}Users can be sandwich attacked or swap during a block of unexpected volatility and lose substantial funds
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L237
Manual Review
Add a 'amountOutMinimum' parameter to the UniV3SwapInput that allows specification of the min tokens traders are willing to accepts