search

code-423n4 / 2022-01-elasticswap-findings

1 stars 0 forks source link

Inclusive conditions #175

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

Conditions should be inclusive >= or <= :

  require(
      baseTokenQty > _baseTokenQtyMin,
      "MathLib: INSUFFICIENT_BASE_TOKEN_QTY"
  );
  require(
      quoteTokenQty > _quoteTokenQtyMin,
      "MathLib: INSUFFICIENT_QUOTE_TOKEN_QTY"
  );
  require(
      _baseTokenQtyMin < maxBaseTokenQty,
      "MathLib: INSUFFICIENT_DECAY"
  );
  require(
      _quoteTokenQtyMin < maxQuoteTokenQty,
      "MathLib: INSUFFICIENT_DECAY"
  );

Otherwise, these functions will fail when e.g. baseTokenQty = _baseTokenQtyMin when the end-user expects it to pass through.

0xean commented 2 years ago

yup, makes sense. Will modify.

GalloDaSballo commented 2 years ago

Agree with the finding and severity