code-423n4 / 2021-09-yaxis-findings

0 stars 0 forks source link

Inclusive check in setSlippage #78

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

I think the check in function setSlippage should be inclusive '<=' here: require(_slippage < ONE_HUNDRED_PERCENT, "!_slippage"); When slippage is 100%, then _estimatedWETH or _estimatedYAXIS should be 0.

Recommended Mitigation Steps

require(_slippage <= ONE_HUNDRED_PERCENT, "!_slippage");

Haz077 commented 2 years ago

I think _slippage shouldn't be even near 100, so I don't think this is important, in my opinion.

GalloDaSballo commented 2 years ago

Disagree with finding for 2 reason

Really minor
ONE_HUNDRED_PERCENT in this case means we don't care, and since we want the check to be used, we proactively don't want to be using a value that is equal to the max

Disputed