search

0x73696d616f / codeup-issues-external

Smart Contract and configuration scripts for codeup.app DEFI game based on Ethereum story
https://codeup.app
0 stars 0 forks source link

`Codeup::claimCodeupERC20()` may revert whenever the `weth` balance is very low #10

Open 0x73696d616f opened 3 weeks ago

0x73696d616f commented 3 weeks ago

Description

Codeup::claimCodeupERC20() adds liquidity to the Uniswap pool whenever the weth balance is bigger than 1. However, an amount bigger than 1 may still lead to reverts if it is low enough. If it is exactly 1, it will shift right to get the amount of weth to swap for CodeupERC20, trying to swap an amount of 0 and reverting. If it is bigger than 2, but still low, it may swap this for an even smaller amount of CodeupERC20, reverting when adding liquidity due to not providing enough liquidity to mint a single share. A poc is available to confirm the finding.

Recommendation

Instead of setting 1, a slightly bigger dust amount could be use to ensure it does not revert.

Maxim280596 commented 3 weeks ago

I added a new constant uint256 private constant MIN_AMOUNT_FOR_ADDING_LIQUIDITY = 0.0001 ether; and now I am checking against it. Will this amount be enough?

0x73696d616f commented 3 weeks ago

Yes, I think so.

0x73696d616f commented 3 weeks ago

Fixed in #389b655.