Brief audit of `vAMM3.ride` - Githubissues

Tsunami-Exchange / tsunami-contracts

Tsunami Exchange Smart Contracts (RIDE)

2 stars 2 forks source link

Brief audit of `vAMM3.ride` #15

Open deemru opened 1 year ago

deemru commented 1 year ago

[ ] MEDIUM: changeSettings looks very unsafe with no arguments checks at all https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1545-L1580
[ ] LOW: exact payments count not controlled https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1672 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1875
[ ] MEDIUM: k_positionAsset and logic around it looks unused https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1681 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1882
[ ] TRIVIAL: incorrect description (should be >=) https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L207-L208
[ ] HIGH: amount of NFTs must be checked == 1 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1164
[ ] LOW: decreasePosition? https://github.com/Tsunami-Exchange/tsunami-contracts/blob/5e3e3b11052929da6542dca2bd205f58618b2ae4/contracts/ride/vAMM3.ride#L1792