UsmanAtique - Insufficient Output Amount Error in SolidlyV3AMO Contract

[sherlock-admin3]

UsmanAtique

Medium

Insufficient Output Amount Error in SolidlyV3AMO Contract

Summary

The SolidlyV3AMO contract encounters an error during the _mintAndSellBoost function execution, where the output amount of USD received after a swap is consistently deemed insufficient. This issue arises from the comparison between the converted output amount and the expected input amount, which leads to a perpetual revert condition. The calculation of minUsdAmountOut does not account for transaction fees accurately, inflating the expectations of the output amount.

Root Cause

The primary cause of the issue is the conditional statement:

if (toBoostAmount(usdAmountOut) <= boostAmountIn)
    revert InsufficientOutputAmount({outputAmount: toBoostAmount(usdAmountOut), minRequired: boostAmountIn});

In this statement, usdAmountOut, which is derived after executing the swap, is consistently lower than boostAmountIn due to the deductions from fees applied during the swap. Consequently, the function always reverts, rendering it ineffective. For reference, see the relevant line of code here.

The toBoostAmount function converts the received usdAmountOut to a boostAmount using the formula:

function toBoostAmount(uint256 usdAmount) internal view returns (uint256) {
    return usdAmount * 10 ** (boostDecimals - usdDecimals);
}

Given that:

• boostDecimals = 18
• usdDecimals = 6

This conversion results in a significant difference between the expected boost amount and the actual USD output, further compounding the issue.

---

Internal pre-conditions

• The contract must have sufficient BOOST tokens minted.
• The pool should be correctly configured to handle swaps.

External pre-conditions

• The Solidly V3 Pool must be operational and accessible.
• The swap mechanism must support the expected trading pairs (BOOST and USD).

Attack Path

1. Minting BOOST: The contract mints the specified amount of BOOST tokens.
2. Approval for Swap: The contract approves the transfer of minted BOOST tokens to the pool.
3. Executing the Swap: The swap is executed, but the expected output is decreased due to fees.
4. Output Verification: The conditional check fails, causing the function to revert.
5. Reverting: The function does not complete successfully, leading to an inability to sell BOOST for USD.

Impact

Due to the faulty output condition, users will experience continuous transaction failures when attempting to perform swaps. This can result in a negative user experience and potential loss of trust in the SolidlyV3AMO contract.

PoC

To demonstrate the issue, consider the following scenario:

1. Inputs:

   • boostAmount: 1,000,000,000,000,000,000 (1 BOOST token)
   • minUsdAmountOut: 100 (expected USD after swap)
   • Assumed Fees: 10% (leading to an output of 90 USD after swap)

2. Execution:

   • After executing the swap, the usdAmountOut is 90 USD.
   • The conversion using toBoostAmount(90) yields 900,000,000,000,000,000 (0.9 BOOST).
   • The condition if (0.9 <= 1) evaluates to true, triggering the revert.

Mitigation

To mitigate this issue, the following adjustments are recommended:

1. Adjust the Condition: Modify the condition to account for the fees by introducing a threshold for acceptable fees or adjusting the expected output based on historical data.

2. Accurate Fee Calculation: Implement a more precise calculation method for minUsdAmountOut that factors in the fees expected during the swap.

3. Error Handling: Provide a mechanism to report the actual USD amount received and give insights into why a revert may occur, rather than simply reverting the transaction.