Yield Interfaces
UniswapV4.sol
[MEDIUM] Missing Slippage Protection in Swaps
This has been explored on the BaseInterface report as it is inherited across multiple YieldInterface implementations.
However, the Uniswap V4 interface cannot use the same Oracle approach that other Uniswap V3 based interfaces can. Any information that we could retrieve from the Uniswap V4 pool would be taken from slot0 which is correct at the point of execution only.
For this reason, we would recommend adding the ability to pass an expected _amountOutMinimum parameter from the frontend. Other YieldInterfaces can internally compute this, but this interface and others in the future may require it to be specified manually.
Recommended solution:
function _swapNonNativeToken(PoolKey memory _poolKey, Currency _nonNativeCurrency, uint _balance) internal returns (uint ethReceived_) {
// ..
// Create swap parameters
IPoolManager.SwapParams memory swapParams = IPoolManager.SwapParams({
zeroForOne: zeroForOne,
amountSpecified: -int(_balance),
sqrtPriceLimitX96: zeroForOne ? TickMath.MIN_SQRT_PRICE + 1 : TickMath.MAX_SQRT_PRICE - 1 // Min/max price limits
});
// ..
// Ensure we received some native tokens
require(ethReceived_ > _amountOutMinimum, 'No native tokens received from swap');
}
[INFO] Code commenting in isValid is not accurate
This has been explored on the BaseInterface report as it is inherited across multiple YieldInterface implementations.
[INFO] Misleading code comment
The amountSpecified code comment is actually the inverse. A negative amount defines the exact input. This should be updated to improve codebase readability.
Affected code:
function _swapNonNativeToken(PoolKey memory _poolKey, Currency _nonNativeCurrency, uint _balance) internal returns (uint ethReceived_) {
// ..
// Create swap parameters
IPoolManager.SwapParams memory swapParams = IPoolManager.SwapParams({
zeroForOne: zeroForOne,
amountSpecified: -int(_balance), // Positive amount means exact input
sqrtPriceLimitX96: zeroForOne ? TickMath.MIN_SQRT_PRICE + 1 : TickMath.MAX_SQRT_PRICE - 1 // Min/max price limits
});
// ..
}