The comment calculateWithdrawalAmountsOnPartVaults says it returns true of false (e.g. boolean).
However the function implementation returns:
uint256 withdrawType
Probably the comment is outdated, which can be confusing.
Proof of Concept
// https://github.com/code-423n4/2021-06-gro/blob/main/contracts/insurance/Insurance.sol#L329
/// @notice Calculate withdrawal amounts based on part vaults, if the sum of part vaults'
/// maxWithdrawal can meet required amount, return true and valid array,
/// otherwise return false and invalid array
...
function calculateWithdrawalAmountsOnPartVaults(uint256 amount, address[N_COINS] memory vaults)
private view returns (uint256 withdrawType, uint256[N_COINS] memory withdrawalAmounts)
{
Tools Used
Recommended Mitigation Steps
Fix the comment of function calculateWithdrawalAmountsOnPartVaults
Handle
gpersoon
Vulnerability details
Impact
The comment calculateWithdrawalAmountsOnPartVaults says it returns true of false (e.g. boolean). However the function implementation returns: uint256 withdrawType
Probably the comment is outdated, which can be confusing.
Proof of Concept
// https://github.com/code-423n4/2021-06-gro/blob/main/contracts/insurance/Insurance.sol#L329 /// @notice Calculate withdrawal amounts based on part vaults, if the sum of part vaults' /// maxWithdrawal can meet required amount, return true and valid array, /// otherwise return false and invalid array ... function calculateWithdrawalAmountsOnPartVaults(uint256 amount, address[N_COINS] memory vaults) private view returns (uint256 withdrawType, uint256[N_COINS] memory withdrawalAmounts) {
Tools Used
Recommended Mitigation Steps
Fix the comment of function calculateWithdrawalAmountsOnPartVaults