Closed code423n4 closed 3 years ago
Can't find a duplicate, @maxsam4?
Duplicate of https://github.com/code-423n4/2021-09-sushitrident-findings/issues/103
Handle
0xRajeev
Vulnerability details
Impact
In _computeLiquidityFromAdjustedBalances(), when s == 0, we can return after setting compute = 0 instead of falling through to code after that which does not change the return value of compute because D will also be 0.
Proof of Concept
https://github.com/sushiswap/trident/blob/7098ef9ad97fa11d350a15d97740e97ad2ca4649/contracts/pool/HybridPool.sol#L341-L358
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add an explicit return statement after L345