No slippage check in Uniswap v2/v3 trade
Description
The given Uniswap v2/v3 trade does not include a slippage check, which can lead to incorrect calculations and potential financial losses. Slippage protection is essential in DeFi applications to prevent such issues.
Examples
Insecure Code
```solidity
// amountOutMin is 0, so the swap accepts any output amount
X.swapExactTokensForTokens(100, 0, tokenA, tokenB, recipient);
```
Secure Code
```solidity
X.swapExactTokensForTokens(100, 90, tokenA, tokenB, recipient); // 10% slippage tolerance
```
Remediation
Add a slippage check to the trade function to ensure that the actual swap price does not deviate significantly from the expected price.
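The remediation above, as an added example that is not part of the original rule page or of Uniswap's code: a Python integer model of a Uniswap v2 pair (0.3% fee) comparing a zero minimum, a floor derived from an earlier quote, and a floor derived from the reserves at execution time. The function names and reserve values are constructed for illustration.

```python
# Added example: integer model of a Uniswap v2 pair, not router code.
FEE_NUM, FEE_DEN, BPS = 997, 1000, 10_000  # v2 fee of 0.3%; basis-point scale

class SlippageExceeded(Exception):
    """Models the router reverting when the output is below amountOutMin."""

def get_amount_out(amount_in, reserve_in, reserve_out):
    """Constant-product output with fee, using v2's integer arithmetic."""
    if amount_in <= 0 or reserve_in <= 0 or reserve_out <= 0:
        raise ValueError("amounts and reserves must be positive")
    with_fee = amount_in * FEE_NUM
    return (with_fee * reserve_out) // (reserve_in * FEE_DEN + with_fee)

def min_out_from_quote(quoted_out, tolerance_bps):
    """Minimum acceptable output for a quote, rounded down."""
    if not 0 <= tolerance_bps < BPS:
        raise ValueError("tolerance must be in [0, 10000) basis points")
    return quoted_out * (BPS - tolerance_bps) // BPS

def swap_exact_in(amount_in, amount_out_min, reserve_in, reserve_out):
    """Swap against the reserves at execution time; revert below the floor."""
    out = get_amount_out(amount_in, reserve_in, reserve_out)
    if out < amount_out_min:
        raise SlippageExceeded(f"got {out}, need >= {amount_out_min}")
    return out

def demo():
    # Constructed values: quote on a balanced pool, execution after it moved.
    amount_in, moved = 100, (12_000, 8_334)
    quoted = get_amount_out(amount_in, 10_000, 10_000)
    floor = min_out_from_quote(quoted, 1_000)  # 10% tolerance on the quote
    unprotected = swap_exact_in(amount_in, 0, *moved)  # fills at any price
    try:
        swap_exact_in(amount_in, floor, *moved)
        protected = "filled"
    except SlippageExceeded:
        protected = "reverted"
    # A floor computed from the reserves at execution time tracks the moved
    # price, so it passes and gives no protection.
    late_floor = min_out_from_quote(get_amount_out(amount_in, *moved), 1_000)
    late_fill = swap_exact_in(amount_in, late_floor, *moved)
    return {"quoted": quoted, "floor": floor, "unprotected": unprotected,
            "protected": protected, "late_floor": late_floor, "late_fill": late_fill}

if __name__ == "__main__":
    print(demo())
```

The floor only constrains the trade when it comes from a price the caller observed independently of the pool state at execution time.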
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0248 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-682 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | slippage, Uniswap, DeFi |
| OWASP | N/A |