Curly Myrtle Elk - Bracket::execute(...) does not strictly apply the minimum received amount check leading to unwanted reverts

[sherlock-admin3]

Curly Myrtle Elk

Medium

Bracket::execute(...) does not strictly apply the minimum received amount check leading to unwanted reverts

Summary

Whenever swaps are executed in the Bracket contract, it compares the amountOut to a minimum amount based on the oracle. However, currently it only checks that the amount is > than the getMinAmountReceived amount. In a fast paced market environment, this can lead to unwanted reverts, as the exact minimum will not be taken into account.

Root Cause

https://github.com/sherlock-audit/2024-11-oku/blob/ee3f781a73d65e33fb452c9a44eb1337c5cfdbd6/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L551
Usage of > instead of > in Bracket::execute(...)

Internal pre-conditions

N/A

External pre-conditions

1. Volatile market conditions

Attack Path

1. User sets a specific bip for a minimum return value.
2. That value is reached when Bracket::execute is invoked.
3. The actual amount is = to the getMinAmountReceived
4. The transaction reverts as the require is not satisfied.

Impact

Unwanted reverts leading to decreased user earnings.

PoC

N/A

Mitigation

Use the >= comparison in Bracket::execute, when comparing finalTokenOut - initialTokenOut and MASTER.getMinAmountReceived(amountIn, tokenIn, tokenOut, bips)