SYM_SOL_0020 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Calculation
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-682: Incorrect Calculation |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code performs Uniswap v2/v3 token swaps without an effective slippage check: the minimum output value is set to zero, or the maximum input value is set to the maximum possible value. As a result, trades can execute even if the price moves drastically against the user.
Impact
Without a slippage check, attackers or front-runners can manipulate prices so users receive far fewer tokens than expected during a swap, causing significant financial losses. This undermines user trust and can result in drained assets from the contract or user accounts.