Natspec not matching function's logic

[code423n4]

Handle

0xngndev

Vulnerability details

Impact

In NoYield.sol the natspec of function liquidityToken says it's used to query the liquidity token for a given asset. However, the function simply returns the address of the passed in asset, not its liquidity token address. This could be because NoYield.sol does not have liquidity tokens and so it simply returns the same asset address the function is called with. Either way, I found it slightly confusing, and I'm not fully sure if I understand why this function is there other than to fulfill the interface.

There's also a small typo in the @return of the natspec:

@return _tokenAddress address of the lqiudity token for the asset

should be:

@return _tokenAddress address of the liquidity token for the asset

[ritik99]

As mentioned by the warden, the function has been included just to maintain consistency with the other yield strategies. The return value is what would be expected given NoYield.sol does not have any associated liquidity token. Maintaining consistency with other yield strategies is important to allow for a common interface in case these strategies are utilized elsewhere, so removing it would not make sense

[0xean]

I think the warden is rather suggesting the nat spec documentation be updated.