search

code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

TimeswapPair.mint() needs minor refactoring. #148

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

PPrieditis

Vulnerability details

Impact

Amount of code can be decreased and readability improved. Change is needed for: https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Core/contracts/TimeswapPair.sol#L157-L170

Recommended Mitigation Steps

Change mentioned lines from: if (pool.state.totalLiquidity == 0) { uint256 liquidityTotal = MintMath.getLiquidityTotal(xIncrease); liquidityOut = MintMath.getLiquidity(maturity, liquidityTotal, protocolFee);

    pool.state.totalLiquidity += liquidityTotal;
    pool.liquidities[factory.owner()] += liquidityTotal - liquidityOut;
} else {
    uint256 liquidityTotal = MintMath.getLiquidityTotal(pool.state, xIncrease, yIncrease, zIncrease);
    liquidityOut = MintMath.getLiquidity(maturity, liquidityTotal, protocolFee);

    pool.state.totalLiquidity += liquidityTotal;
    pool.liquidities[factory.owner()] += liquidityTotal - liquidityOut;
}
require(liquidityOut > 0, 'E212');

To: uint256 liquidityTotal = pool.state.totalLiquidity == 0 ? MintMath.getLiquidityTotal(xIncrease) : MintMath.getLiquidityTotal(pool.state, xIncrease, yIncrease, zIncrease); liquidityOut = MintMath.getLiquidity(maturity, liquidityTotal, protocolFee); require(liquidityOut > 0, 'E212'); pool.state.totalLiquidity += liquidityTotal; pool.liquidities[factory.owner()] += liquidityTotal - liquidityOut;

Mathepreneur commented 2 years ago

Similar issue reported over here #155 hence, closing this issue