search

code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

LendMath.sol(this contract is not in scope but will affect TimeswapPair.lend() ) #181

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0xwags

Vulnerability details

Impact

TimeswapPair.lend() makes a call to lendMath.check() on line 247.There should be one argument returned on line 25 of check() instead of three.

Proof of Concept

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/TimeswapPair.sol#L241

https://github.com/code-423n4/2022-01-timeswap/blob/bf50d2a8bb93a5571f35f96bd74af54d9c92a210/Timeswap/Timeswap-V1-Core/contracts/libraries/LendMath.sol#L25

Tools Used

ManuaL Analysis

Recommended Mitigation Steps

(uint 112 xReserve, uint112 yAdjusted ,uint112 zAdjusted) =state.checkConstantProduct(maturity);

Mathepreneur commented 2 years ago

The checkConstantProduct function from the ConstantProduct.sol Library don't have a return value.

0xean commented 2 years ago

closing as out of scope