`exchangeTokens`, which is called internally from `create` and `exercise`, uses the Uniswap V2 router to perform a trade of payment tokens to linked tokens. This trade is done with no validation of the price at which the trade will be executed. As a result, the pool may suffer losses due to selling tokens below the market price.
Moreover, this may be exploitable by an attacker who sandwiches their call to `create` or `exercise` between two trades on the Uniswap pool which manipulate the price to the detriment of the pool, potentially allowing the attacker to extract either a portion of the option premium or the settlement payment of the option, respectively.
For more information on this class of attacks, please see the section on Swap Composability in the recent audit of Uniswap V2.
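An added illustration, not part of the original issue or the project's code: a Python model of Uniswap V2's constant-product pricing (0.3% fee) comparing a swap with no minimum output against one bounded by a reference price. The reserves, trade sizes, 1% tolerance and the existence of an independent reference price (for example an oracle or a caller-supplied bound) are assumptions.

```python
class SlippageExceeded(Exception):
    """Stands in for the router reverting when output < amountOutMin."""

def get_amount_out(amount_in, reserve_in, reserve_out):
    # Integer math mirroring Uniswap V2's getAmountOut (0.3% fee).
    amount_in_with_fee = amount_in * 997
    return (amount_in_with_fee * reserve_out) // (reserve_in * 1000 + amount_in_with_fee)

class Pair:
    """Constant-product pair: payment token vs. linked token."""
    def __init__(self, reserve_pay, reserve_link):
        self.reserve_pay, self.reserve_link = reserve_pay, reserve_link

    def swap_pay_for_link(self, amount_in, amount_out_min=0):
        out = get_amount_out(amount_in, self.reserve_pay, self.reserve_link)
        if out < amount_out_min:  # the check the issue says is missing
            raise SlippageExceeded(f"{out} < {amount_out_min}")
        self.reserve_pay += amount_in
        self.reserve_link -= out
        return out

def min_out_from_reference(amount_in, price_num, price_den, tolerance_bps):
    # Floor derived from a price that does not come from the pair's spot reserves.
    expected = amount_in * price_num // price_den
    return expected * (10_000 - tolerance_bps) // 10_000

def demo():
    amount_in = 1_000
    # Constructed reserves: 1:1 pool, so the reference price is 1 linked per payment token.
    baseline = Pair(1_000_000, 1_000_000).swap_pay_for_link(amount_in)

    # Same pool after a large preceding trade has moved the spot price.
    moved = Pair(1_000_000, 1_000_000)
    moved.swap_pay_for_link(250_000)

    # No bound (amount_out_min=0): the swap executes at the moved price.
    unguarded = Pair(moved.reserve_pay, moved.reserve_link).swap_pay_for_link(amount_in)

    # Bounded by the reference price with 1% tolerance: the swap is rejected.
    floor = min_out_from_reference(amount_in, 1, 1, 100)
    try:
        moved.swap_pay_for_link(amount_in, floor)
        guarded = "executed"
    except SlippageExceeded:
        guarded = "reverted"
    return baseline, unguarded, floor, guarded

if __name__ == "__main__":
    print(demo())
```

The floor has to come from a source other than the pair's current reserves; a bound computed from the same spot price that was just moved would pass.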
We're planning on having a full review of the Options contract code as we had to focus on other areas to build a demo due to the hackathon deadline. We're aware of several vulnerabilities in the code as a result. We'll make sure to address this vulnerability at the same time.