042.md

Fast Khaki Raccoon

Medium

No minimum amount provided when zapping and bonding OHM tokens

Summary

No minimum amount provided when zapping and bonding OHM tokens

Root Cause

Upon using the zap functionality to deposit into the pOHM pod, we have the following code:

uint256 _pOHMBefore = IERC20(pOHM).balanceOf(address(this));
        IERC20(OHM).safeIncreaseAllowance(pOHM, _amountOut);
        IDecentralizedIndex(pOHM).bond(OHM, _amountOut, 0);
        return IERC20(pOHM).balanceOf(address(this)) - _pOHMBefore;

As seen, upon bonding the OHM tokens to pOHM, we provide a 0 as the minimum amount to mint.

NOTE: The README states that they have decided to not put slippage in many places of swaps as the swap amounts will be small. This is different as the user can provide a ton of tokens and it is bonding, not swapping.

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

1. User uses the zap functionality and wants to bond to pOHM
2. He expects getting 100 pOHM however due to a frontrun or market conditions, he receives 50
3. As the user can not provide a minimum amount, he can not guard against that

Impact

Users will receive less than expected

PoC

No response

Mitigation

Let users provide a minimum amount