[PR #38] p3: _validParams() sets minSwapOut=0 — slippage floor and swap-output-below-repayment guard untested

## Summary

The helper `_validParams()` sets `minSwapOut: 0`. This means every test that uses `_validParams()` accepts a zero slippage floor. The two swap-output protection mechanisms in `executeOperation` are:

1. `amountOutMinimum: p.minSwapOut` — passed to PancakeSwap router; reverts if output is below floor
2. `require(finalBal >= totalOwed, "swap output below repayment")` — defensive check

Neither mechanism is exercised by any test in this PR. There is no test that:
- Sets a non-zero `minSwapOut` and verifies the revert path when the router returns below that floor
- Verifies the `"swap output below repayment"` guard fires when post-swap balance is insufficient

## Location

`contracts/test/CharonLiquidator.t.sol` — `_validParams()` internal helper

## Risk

Sandwich attacks and oracle manipulation attacks against the swap step are the primary MEV vectors for this liquidation bot. The slippage floor is the on-chain defense. An unexercised slippage guard may be misconfigured (floor set by the Rust bot to 0 or near-0) without any test surfacing the problem.

## Fix

Add two tests (can be mocked):
1. Stub router that returns `minSwapOut - 1` tokens; assert revert from router.
2. Stub router that returns enough to partially cover but not meet `totalOwed`; assert `"swap output below repayment"` revert.

Refs #38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PR #38] p3: _validParams() sets minSwapOut=0 — slippage floor and swap-output-below-repayment guard untested #131

Summary

Location

Risk

Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[PR #38] p3: _validParams() sets minSwapOut=0 — slippage floor and swap-output-below-repayment guard untested #131

Description

Summary

Location

Risk

Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions