Lack of protection on swaps

[robertleifke]

Description:

The swap method of the SwapHelper library does not accept user-provided limits or query an external oracle to prevent front-running sandwich attacks. The SwapRouter contract uses the SwapHelper library to facilitate pre-deposit and post-withdrawal asset exchanges. The function signature and data types associated with this library’s swap method, shown in figure 8.1, indicate that this method accepts a signed integer amount parameter that is either the exact input or exact output, depending on whether this value is positive or negative.

However, this function does not accept user-specified maximum amounts. To safely execute an exact-in or exact-out swap, the minimum amount out or maximum amount in should be enforced, respectively.
Furthermore, no uncorrelated oracle is consulted to enforce such limits.

The Uniswap market itself is queried to determine the expected input or output amounts, but this query is not sufficient to detect whether the market was manipulated during a preceding transaction. Outside information is required to detect such market manipulation.

[robertleifke]

Recommendations:

Short term, modify the code to either consult user-provided input or an uncorrelated oracle to detect market manipulation and revert if the user would receive an unacceptable exchange rate.

Long term, exercise caution when implementing low-level third-party protocol interactions. If Numo2 intends to bypass high-level routers, ensure all safety mechanisms implemented by such routers are fully understood, and address these risks in the Numo2 implementation. Consider using a higher-level interface if possible. Regardless, always consult the documentation for third-party protocol integrations to ensure that best practices are being followed.