Handle
harleythedog
Vulnerability details
Impact
When a user is trading base tokens for quote tokens, they can specify _minQuoteTokenQty, which is the minimum number of quote tokens that should be returned. Later on in calculateQuoteTokenQty, there is the following require statement:

This will revert if the exact number of tokens is correct, which is contradictory to the logic in the rest of the Math library. Often a user will know the exact amount of tokens that they want to receive, and in the case that they get this exact amount, their transaction will revert unnecessarily and this will cost the user all of the failed transaction's gas (which could be quite a bit).
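The boundary case described above, shown with a strict and an inclusive minimum check side by side. This is an added example, not the audited project's code: the constant-product pricing, the reserves, the error string and every name except _minQuoteTokenQty are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration, not the audited code. The fee-free constant-product
/// pricing, reserves, error string and function names are assumptions.
contract MinQuoteBoundaryDemo {
    uint256 public baseReserve = 1_000 ether;   // constructed sample reserves
    uint256 public quoteReserve = 1_000 ether;

    /// Quote tokens paid out for _baseTokenQty under x * y = k (assumed model).
    function quoteFor(uint256 _baseTokenQty) public view returns (uint256) {
        return (_baseTokenQty * quoteReserve) / (baseReserve + _baseTokenQty);
    }

    /// Strict comparison: a result exactly equal to the minimum reverts.
    function checkStrict(uint256 _baseTokenQty, uint256 _minQuoteTokenQty)
        external view returns (uint256 quoteTokenQty)
    {
        quoteTokenQty = quoteFor(_baseTokenQty);
        require(quoteTokenQty > _minQuoteTokenQty, "INSUFFICIENT_QUOTE_QTY");
    }

    /// Inclusive comparison: the minimum itself is an acceptable result.
    function checkInclusive(uint256 _baseTokenQty, uint256 _minQuoteTokenQty)
        external view returns (uint256 quoteTokenQty)
    {
        quoteTokenQty = quoteFor(_baseTokenQty);
        require(quoteTokenQty >= _minQuoteTokenQty, "INSUFFICIENT_QUOTE_QTY");
    }

    /// Boundary test: the caller computes the expected output first and passes
    /// that exact value as the minimum, then reports which check accepts it.
    function exactAmountOutcome(uint256 _baseTokenQty)
        external view returns (bool strictPasses, bool inclusivePasses)
    {
        uint256 expected = quoteFor(_baseTokenQty);
        try this.checkStrict(_baseTokenQty, expected) returns (uint256) {
            strictPasses = true;
        } catch {}
        try this.checkInclusive(_baseTokenQty, expected) returns (uint256) {
            inclusivePasses = true;
        } catch {}
    }
}
```

A unit test that passes the quoted amount back as the minimum is the regression check for this class of bug; it fails against the strict form and passes against the inclusive one.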
Proof of Concept
See referenced code here.
Tools Used
Inspection.
Recommended Mitigation Steps
Change the > to a >= so that the require statement is: