search

code-423n4 / 2021-04-vader-findings

1 stars 0 forks source link

Wrong liquidity units calculation #204

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details

Vulnerability Details

The spec defines the number of LP units to be minted as units = (P (a B + A b))/(2 A B) * slipAdjustment = P * (part1 + part2) / part3 * slipAdjustments but the Utils.calcLiquidityUnits function computes ((P * part1) + part2) / part3 * slipAdjustments. The associativity on P * part1 is wrong, and part2 is not multiplied by P.

Impact

The math from the spec is not correclty implemented and could lead to the protocol being economically exploited, as redeeming the minted LP tokens does not result in the initial tokens anymore.

Recommended Mitigation Steps

Fix the equation.

strictly-scarce commented 3 years ago

Valid, but funds not at risk, recommend: 2