According to L33 the variable names match as follows:
V = vaderBalance
v = vaderDeposited
A = assetBalance
a = assetDeposited
Then the comment on L57 should be Av and not aV
L57: // aV
L58: uint256 assetVader = assetBalance * vaderDeposited;
If the comment on L64 would be true: |Va -aV| would always be zero => write |Va -Av|
L64: // 1 - [|Va - aV| / (v + V) * (a + A)]
L65: return ONE - (delta(vaderAsset, assetVader) / denominator);
Handle
GiveMeTestEther
Vulnerability details
The comments on L57 & 64 are wrong.
Proof of Concept
According to L33 the variable names match as follows: V = vaderBalance v = vaderDeposited A = assetBalance a = assetDeposited
Then the comment on L57 should be Av and not aV L57: // aV L58: uint256 assetVader = assetBalance * vaderDeposited;
If the comment on L64 would be true: |Va -aV| would always be zero => write |Va -Av| L64: // 1 - [|Va - aV| / (v + V) * (a + A)] L65: return ONE - (delta(vaderAsset, assetVader) / denominator);
https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/dex/math/VaderMath.sol#L57 https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/dex/math/VaderMath.sol#L64 https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/dex/math/VaderMath.sol#L33
Recommended Mitigation Steps