SYM_SOL_0033 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Validation of Specified Index, Position, or Offset in Input
| Property | Value |
|---|---|
| Language | solidity |
| Severity |  |
| CWE | CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The UniswapV3 adapter incorrectly extracts token addresses from the swap path, which can lead to reading data from the wrong position. This improper parsing can cause the contract to use unintended or attacker-controlled token addresses during swaps.
Impact
If exploited, an attacker could manipulate swap paths to redirect tokens or swaps to malicious addresses, potentially resulting in loss of user funds or unauthorized token transfers. This undermines the integrity of DeFi operations and exposes users to significant financial risk.