code-423n4 / 2021-09-sushitrident-2-findings

Wrong indexes: positionId vs incentiveId #78

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xsanson

Vulnerability details

Impact

In multiple functions in ConcentratedLiquidityPoolManager, the index positionId is used instead of the correct incentiveId when dealing with the incentives mapping.

Of course the issue is that incentives cannot be used, or in some cases only by lucky positions, making the contract unusable.

Proof of Concept

https://github.com/sushiswap/trident/blob/c405f3402a1ed336244053f8186742d2da5975e9/contracts/pool/concentrated/ConcentratedLiquidityPoolManager.sol#L68
https://github.com/sushiswap/trident/blob/c405f3402a1ed336244053f8186742d2da5975e9/contracts/pool/concentrated/ConcentratedLiquidityPoolManager.sol#L87
https://github.com/sushiswap/trident/blob/c405f3402a1ed336244053f8186742d2da5975e9/contracts/pool/concentrated/ConcentratedLiquidityPoolManager.sol#L105

Tools Used

editor

Recommended Mitigation Steps

Change the second index to incentiveId.
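
The indexing mistake described in this report, as an added Solidity sketch that is not part of the original issue and is not the Trident code. The contract name, struct fields, function names, the pool address as first key and the bounds check are assumptions made for illustration; only the `incentives` mapping and the `positionId`/`incentiveId` mix-up come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model for illustration only (hypothetical names throughout).
contract IncentiveIndexModel {
    struct Incentive {
        address owner;
        uint256 rewardsUnclaimed;
    }

    // Assumed layout: pool => incentiveId => Incentive
    mapping(address => mapping(uint256 => Incentive)) public incentives;
    mapping(address => uint256) public incentiveCount;

    function addIncentive(address pool, uint256 rewards) external returns (uint256 incentiveId) {
        incentiveId = incentiveCount[pool]++;
        incentives[pool][incentiveId] = Incentive(msg.sender, rewards);
    }

    // Pattern from the report: the second key is positionId.
    // Reading a missing mapping key does not revert; it returns a zeroed struct.
    // So most positions see an empty incentive, and a position whose id happens
    // to be below incentiveCount[pool] reads an unrelated incentive instead.
    function lookupWrongIndex(address pool, uint256 positionId, uint256 /* incentiveId */)
        external
        view
        returns (Incentive memory)
    {
        return incentives[pool][positionId];
    }

    // Recommended mitigation: use incentiveId as the second key.
    // The bounds check is an added assumption so that an unknown id reverts
    // instead of silently yielding a zeroed struct.
    function lookupFixed(address pool, uint256 /* positionId */, uint256 incentiveId)
        external
        view
        returns (Incentive memory)
    {
        require(incentiveId < incentiveCount[pool], "NO_INCENTIVE");
        return incentives[pool][incentiveId];
    }
}
```

A unit test that creates positions with ids well above the number of incentives exercises this class of bug, because the wrong key then always resolves to an empty struct.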

sarangparikh22 commented 3 years ago

Duplicate of #39. Disagree with severity; it should be 2.