code-423n4 / 2021-11-vader-findings

`BasePoolV2.sol` reserve should not be allowed to be 0 #192

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex-v2/pool/BasePoolV2.sol#L346-L349

```solidity
require(
    nativeAmountOut > 0 && nativeAmountOut <= nativeReserve,
    "BasePoolV2::doubleSwap: Swap Impossible"
);
```

Should be changed to:

```solidity
require(
    nativeAmountOut > 0 && nativeAmountOut < nativeReserve,
    "BasePoolV2::doubleSwap: Swap Impossible"
);
```

Otherwise, the pool will malfunction.

SamSteinGG commented 3 years ago

The current code ensures `nativeReserve` is greater than zero; it is unclear what the finding means.

alcueca commented 2 years ago

Dispute accepted.