search

Phoenix-Protocol-Group / phoenix-contracts

Source code of the smart contracts of the Phoenix DeFi hub DEX protocol
GNU General Public License v3.0
10 stars 6 forks source link

[V-PHX-VUL-031] Static tolerance value may lead to high imprecision for small pools #226

Open gangov opened 7 months ago

gangov commented 7 months ago

File: contracts/pool/src/contract.rs Location: split_deposit_based_on_pool_ratio

The tolerance value, which is used as the smallest difference in deposit that the pool cares about, is constant (500).

Impact: For small pools or pools with a large imbalance between tokens, this tolerance may lead to a large percentage of error in deposit amounts.

Recommendation: While we recommend rewriting this function entirely (see V-PHX-VUL-006), if the tolerance logic is kept, we recommend making it either configurable or based on the size of the underlying balances in the liquidity pool.

ueco-jb commented 4 months ago

This issue is depracated - the change in #257 removed the tolerance parameter completely.