search

Pearl-Finance / v3-periphery

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3
https://uniswap.org
GNU General Public License v2.0
0 stars 0 forks source link

[NPM-01M] Potential Uniswap V3 Ecosystem Incompatibility #2

Open mavvverick opened 4 months ago

mavvverick commented 4 months ago

NPM-01M: Potential Uniswap V3 Ecosystem Incompatibility

Type Severity Location
Standard Conformity NonfungiblePositionManager.sol:L203

Description:

The Uniswap V3 implementation does not impose any authorization based control on its NonfungiblePositionManager::increaseLiquidity function, causing the NonfungiblePositionManager implementation of Pearl Finance V2 to be potentially incompatible with the Uniswap V3 ecosystem.

Example:

/// @inheritdoc INonfungiblePositionManager
function increaseLiquidity(IncreaseLiquidityParams calldata params)
    external
    payable
    override
    isAuthorizedForToken(params.tokenId)
    checkDeadline(params.deadline)
    returns (
        uint128 actualLiquidity,
        uint256 amount0,
        uint256 amount1
    )
{

Recommendation:

We advise the Pearl Finance team to carefully consider this restriction and the impact it may have with their partners and the projects they wish to integrate with.

mavvverick commented 4 months ago

The isAuthorizedForToken check has been implemented to prevent unauthorized liquidity additions while an NFT is staked in the gauge. Only the owner of the NFT has the privilege to increase the liquidity.