search

code-423n4 / 2021-10-tempus-findings

0 stars 0 forks source link

TempusAMM freezing all actions except proportional exit on maturity seems unnecessary #18

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

TomFrench

Vulnerability details

Impact

Reduced flexibility of AMM + additional gas costs on swaps

Proof of Concept

As the relative payouts of the principal and yield tokens are fixed at the point of finalisation, there's no need to freeze the AMM as it will just rapidly be arbed to the final prices of each token. No funds will be lost by LPs.

Making this change would reduce gas costs as swaps won't have to check maturity (load the TempusPool then perform SLOAD for maturity state variable).

Recommended Mitigation Steps

Remove beforeMaturity modifier from AMM.

mijovic commented 3 years ago

Very good suggestion to save gas.

mijovic commented 2 years ago

Fixed in https://github.com/tempus-finance/tempus-protocol/pull/366