Closed code423n4 closed 3 years ago
0xsanson
When burning a liquidity position the reserves should be decreased by the tokens' amount that leaves the contract. However in ConcentratedLiquidityPool's burn they are decreased only by the fees.
burn
https://github.com/sushiswap/trident/blob/c405f3402a1ed336244053f8186742d2da5975e9/contracts/pool/concentrated/ConcentratedLiquidityPool.sol#L263-L266
editor
Consider subtracting amount0 and amount1 to the reserves, instead of amount0fees and amount1fees.
amount0
amount1
amount0fees
amount1fees
Duplicate of #51
sarangparikh22
commented
3 years ago
Handle
0xsanson
Vulnerability details
Impact
When burning a liquidity position the reserves should be decreased by the tokens' amount that leaves the contract. However in ConcentratedLiquidityPool's
burnthey are decreased only by the fees.Proof of Concept
https://github.com/sushiswap/trident/blob/c405f3402a1ed336244053f8186742d2da5975e9/contracts/pool/concentrated/ConcentratedLiquidityPool.sol#L263-L266
Tools Used
editor
Recommended Mitigation Steps
Consider subtracting
amount0andamount1to the reserves, instead ofamount0feesandamount1fees.