🛣️ Incorrect Swap Path
VaderRouter._swap performs wrong swap
Vulnerability Details
Description:
In the VaderRouter._swap function, a 3-path hop is designed to first swap foreign assets into native assets and then swap the acquired native assets into a different foreign asset. However, the arguments to the pool.swap(nativeAmountIn, foreignAmountIn) call are in the wrong positions: for the pool0 foreign-to-native swap, the function passes the foreign amount as if it were the native amount.
Code Snippet:
The following segment shows the erroneous call where nativeAmountIn = amountIn is used, but it should be set as foreignAmountIn (the second argument).
For correction, the function call should be structured as follows:
Impact:
Because of this argument mix-up, all 3-path swaps through the VaderRouter fail. The transaction reverts when the check require(nativeAmountIn = amountIn <= nativeBalance - nativeReserve = 0) is evaluated: a foreign amount is supplied where a native amount is expected, and the pool has received no native tokens.
Recommended Mitigation Steps:
Correct Function Call Arguments: Update the function call to accurately reflect the appropriate argument placement for native and foreign amounts. The corrected call should be:
This adjustment ensures that the pool0.swap call receives the correct foreign amount input, preventing the aforementioned requirement check failure and allowing 3-path swaps to be executed successfully.
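The revert and the fix can be reproduced with a small Python model, added here as an illustration and not taken from the Vader code base. Only the swap(nativeAmountIn, foreignAmountIn) argument order and the native input check come from the finding; the class and function names, the reserve values, the matching foreign-side check and the fee-free constant-product pricing are assumptions.

```python
class SwapReverted(Exception):
    """Stands in for a failed require() in the pool."""


class ModelPool:
    """Constructed model of a pool with swap(native_amount_in, foreign_amount_in)."""

    def __init__(self, native_reserve, foreign_reserve):
        self.native_reserve = self.native_balance = native_reserve
        self.foreign_reserve = self.foreign_balance = foreign_reserve

    def swap(self, native_amount_in, foreign_amount_in):
        # Check from the finding: the claimed input must not exceed the tokens
        # actually received since the last reserve update.
        if native_amount_in > self.native_balance - self.native_reserve:
            raise SwapReverted("native input exceeds native tokens received")
        # Assumption: the foreign side is checked the same way.
        if foreign_amount_in > self.foreign_balance - self.foreign_reserve:
            raise SwapReverted("foreign input exceeds foreign tokens received")
        if native_amount_in > 0:
            # Assumed constant-product pricing without fees.
            out = native_amount_in * self.foreign_reserve // (self.native_reserve + native_amount_in)
            self.foreign_balance -= out
        else:
            out = foreign_amount_in * self.native_reserve // (self.foreign_reserve + foreign_amount_in)
            self.native_balance -= out
        self.native_reserve, self.foreign_reserve = self.native_balance, self.foreign_balance
        return out


def three_hop(pool0, pool1, amount_in, buggy):
    """Foreign A -> native (pool0) -> foreign B (pool1)."""
    pool0.foreign_balance += amount_in          # router sends foreign asset A to pool0
    if buggy:
        native_out = pool0.swap(amount_in, 0)   # foreign amount in the native slot
    else:
        native_out = pool0.swap(0, amount_in)   # foreign amount in the foreign slot
    pool1.native_balance += native_out          # native proceeds forwarded to pool1
    return pool1.swap(native_out, 0)


if __name__ == "__main__":
    print("fixed:", three_hop(ModelPool(1000, 1000), ModelPool(1000, 1000), 100, buggy=False))
    try:
        three_hop(ModelPool(1000, 1000), ModelPool(1000, 1000), 100, buggy=True)
    except SwapReverted as exc:
        print("buggy: reverted,", exc)
```

A router test suite that exercises at least one full 3-path route against real pools would catch this class of argument-order error before deployment.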