Closed code423n4 closed 2 years ago
gzeon
swapBaseTokenForQuoteToken checks for _baseTokenQty > 0 && _minQuoteTokenQty > 0, but the same check also exists on the next line in MathLib.calculateQuoteTokenQty
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/contracts/Exchange.sol#L260
    function swapBaseTokenForQuoteToken(
        uint256 _baseTokenQty,
        uint256 _minQuoteTokenQty,
        uint256 _expirationTimestamp
    ) external nonReentrant() {
        isNotExpired(_expirationTimestamp);
        require(
            _baseTokenQty > 0 && _minQuoteTokenQty > 0,
            "Exchange: INSUFFICIENT_TOKEN_QTY"
        );
        uint256 quoteTokenQty =
            MathLib.calculateQuoteTokenQty(
                _baseTokenQty,
                _minQuoteTokenQty,
                TOTAL_LIQUIDITY_FEE,
                internalBalances
            );
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L664
    function calculateQuoteTokenQty(
        uint256 _baseTokenQty,
        uint256 _quoteTokenQtyMin,
        uint256 _liquidityFeeInBasisPoints,
        InternalBalances storage _internalBalances
    ) public returns (uint256 quoteTokenQty) {
        require(
            _baseTokenQty > 0 && _quoteTokenQtyMin > 0,
            "MathLib: INSUFFICIENT_TOKEN_QTY"
        );
Duplicate of #173
Handle
gzeon
Vulnerability details
Impact
swapBaseTokenForQuoteToken checks for _baseTokenQty > 0 && _minQuoteTokenQty > 0, but the same check also exists on the next line in MathLib.calculateQuoteTokenQty
Proof of Concept
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/contracts/Exchange.sol#L260
https://github.com/code-423n4/2022-01-elasticswap/blob/d107a198c0d10fbe254d69ffe5be3e40894ff078/elasticswap/src/libraries/MathLib.sol#L664