MSG-02 | Lack of Price Slippage Protection When Adding or Removing Liquidity #3175

Open
Brando753 opened this issue Aug 25, 2022 · 0 comments
Labels: Minor (Reported as a minor vulnerability); Peggy2 Audit - Sifnode Issue (Issue that came out of the Peggy2 audits that requires remediation by Sifnode); Sifnode Team

Affected Files: clp/keeper/msg_server.go L241,403

Description

In x/clp/keeper/msg_server.go, the price slippage protection is applied in the function Swap() by introducing the parameter MinReceivingAmount:

	if emitAmount.LT(msg.MinReceivingAmount) {
		ctx.EventManager().EmitEvents(sdk.Events{
			sdk.NewEvent(
				types.EventTypeSwapFailed,
				...

However, the protection is not applied in the functions RemoveLiquidity() and AddLiquidity(). When a significant price fluctuation happens, the message sender might not be able to receive the expected pool units when adding liquidity to a pool or expected token amounts when removing liquidity from a pool.

Recommendation

Recommend adding price slippage protections for adding liquidity to or removing liquidity from pools.

Brando753 added the Sifnode Team, Peggy2 Audit - Sifnode Issue, and Minor labels on Aug 25, 2022.
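
Added example (not Sifnode's code and not part of the original issue): one way the recommended guard could look for both liquidity operations, mirroring the `MinReceivingAmount` check in `Swap()`. The `Pool` type, the proportional unit formula, and the `minUnits`, `minNative` and `minExternal` parameters are hypothetical simplifications; the point shown is that the minimum is checked against the amounts computed at execution time, before any state is changed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// ErrSlippage: the computed output fell below the sender's stated minimum.
var ErrSlippage = errors.New("output below sender minimum")

// Pool is a simplified two-asset pool (hypothetical, not Sifnode's clp types).
type Pool struct{ Native, External, Units *big.Int }

// share returns floor(amount * total / reserve).
func share(amount, total, reserve *big.Int) *big.Int {
	return new(big.Int).Quo(new(big.Int).Mul(amount, total), reserve)
}

// AddLiquidity rejects the deposit, before any state change, if it would mint fewer than minUnits.
func (p *Pool) AddLiquidity(native, external, minUnits *big.Int) (*big.Int, error) {
	units := share(native, p.Units, p.Native)
	if byExt := share(external, p.Units, p.External); byExt.Cmp(units) < 0 {
		units = byExt // the scarcer side of the deposit bounds the units minted
	}
	if units.Cmp(minUnits) < 0 {
		return nil, fmt.Errorf("%w: %s units < min %s", ErrSlippage, units, minUnits)
	}
	p.Native.Add(p.Native, native)
	p.External.Add(p.External, external)
	p.Units.Add(p.Units, units)
	return units, nil
}

// RemoveLiquidity rejects the withdrawal if either asset paid out is below the sender's minimum.
func (p *Pool) RemoveLiquidity(units, minNative, minExternal *big.Int) (*big.Int, *big.Int, error) {
	n, e := share(units, p.Native, p.Units), share(units, p.External, p.Units)
	if n.Cmp(minNative) < 0 || e.Cmp(minExternal) < 0 {
		return nil, nil, fmt.Errorf("%w: got %s/%s, min %s/%s", ErrSlippage, n, e, minNative, minExternal)
	}
	p.Native.Sub(p.Native, n)
	p.External.Sub(p.External, e)
	p.Units.Sub(p.Units, units)
	return n, e, nil
}

func main() {
	p := &Pool{big.NewInt(1000), big.NewInt(1000), big.NewInt(1000)}
	fmt.Println(p.AddLiquidity(big.NewInt(100), big.NewInt(100), big.NewInt(101)))
}
```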