Price Impact Remediation
How to fix missing price impact validation in large swaps.
Price Impact Remediation
Overview
Related Detector: Price Impact
Large swaps without price impact validation enable sandwich attacks. The fix is to compare pool prices before and after swaps, enforce a maximum price impact threshold, and combine with slippage protection.
Recommended Fix
Before (Vulnerable)
let output = execute_swap(pool, amount)?;
transfer(output)?;After (Fixed)
let price_before = get_pool_price(pool)?;
let output = execute_swap(pool, amount)?;
let price_after = get_pool_price(pool)?;
let impact = price_before.abs_diff(price_after) * 10000 / price_before;
require!(impact <= max_impact_bps as u64, ErrorCode::ExcessivePriceImpact);
require!(output >= min_output, ErrorCode::SlippageExceeded);
transfer(output)?;Alternative Mitigations
Split Large Orders
Break large swaps into smaller chunks executed across multiple transactions to reduce per-trade price impact.
Use TWAP
For time-insensitive operations, use a time-weighted average price mechanism that executes portions of the swap over multiple slots.
Common Mistakes
Mistake: Checking Impact but Not Slippage
// WRONG: checks price impact but not minimum output
require!(impact <= max_impact, ExcessiveImpact);
// Output could still be lower than expected due to other factorsAlways combine price impact checks with minimum output validation.