code-423n4 / 2022-04-badger-citadel-findings

QA Report #191

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

L-01: No citadelPriceInAsset value check might lead to unintended deposit functionality in Funding.sol

Line References

Description

In the getAmountOut function of Funding.sol, if citadelPriceInAsset is not set (equal to 0) then citadelAmountWithoutDiscount will equal 0 and the getAmountOut function will return 0.

When getAmountOut is called in deposit, citadelAmount_ will be equal to 0. If the _minCitadelOut parameter in deposit is set to more than 0, the require on line 178 would fail, not allowing a user to deposit. If _minCitadelOut is set to 0 then the require condition would be passed. However, when depositFor is called on line 184 the transaction will fail due to the amount in depositFor being equal to 0.

Without the citadelPriceInAsset value being set, users would not be able to use deposit.

A possible fix would be to set the citadelPriceInAsset value before calculating citadelAmountWithoutDiscount in getAmountOut.

N-01: Error in comments for deposit function in Funding.sol

Line References

Description

The comment describes the parameter _minCitadelOut as 'ID of DAO to vote for' and should instead be something along the lines of 'minimum CTDL tokens to be received'.
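To make the L-01 failure mode and its mitigation concrete, here is an added, simplified sketch; it is not the Citadel `Funding.sol` and not the warden's code. Only the names `citadelPriceInAsset`, `getAmountOut`, `deposit`, `_minCitadelOut` and `depositFor` come from the report; the discount arithmetic, `MAX_BPS`, the normalization divisor, the vault stub and the setter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the vault that deposit() hands tokens to (assumed).
interface IVaultStub {
    function depositFor(address _to, uint256 _amount) external;
}

contract FundingSketch {
    uint256 public constant MAX_BPS = 10_000;              // assumed
    uint256 public citadelPriceInAsset;                    // 0 until explicitly set
    uint256 public discount;                               // assumed basis points, 0 = none
    uint256 public assetDecimalsNormalizationValue = 1e18; // assumed divisor
    IVaultStub public vault;

    constructor(IVaultStub _vault) { vault = _vault; }

    // Pre-fix behaviour from L-01: with citadelPriceInAsset == 0 the product is 0,
    // so the quote silently comes back as 0 and deposit() only fails later.
    function getAmountOutUnchecked(uint256 _assetAmountIn) public view returns (uint256 citadelAmount_) {
        uint256 citadelAmountWithoutDiscount = _assetAmountIn * citadelPriceInAsset;
        citadelAmount_ = discount > 0
            ? (citadelAmountWithoutDiscount * MAX_BPS) / (MAX_BPS - discount)
            : citadelAmountWithoutDiscount;
        citadelAmount_ = citadelAmount_ / assetDecimalsNormalizationValue;
    }

    // Hardened quote: refuse to price anything until citadelPriceInAsset is set,
    // so the problem surfaces as a clear revert here instead of inside depositFor.
    function getAmountOut(uint256 _assetAmountIn) public view returns (uint256 citadelAmount_) {
        require(citadelPriceInAsset > 0, "Funding: citadelPriceInAsset not set");
        return getAmountOutUnchecked(_assetAmountIn);
    }

    function deposit(uint256 _assetAmountIn, uint256 _minCitadelOut) external returns (uint256 citadelAmount_) {
        citadelAmount_ = getAmountOut(_assetAmountIn);
        require(citadelAmount_ >= _minCitadelOut, "Funding: less than minCitadelOut");
        // Asset transfer omitted. Without the guard above, an unset price reaches
        // this call with citadelAmount_ == 0 and the vault rejects the zero deposit.
        vault.depositFor(msg.sender, citadelAmount_);
    }

    // Assumed setter; access control omitted for brevity. Rejecting a zero price
    // here keeps the invariant the guard in getAmountOut relies on.
    function setCitadelPriceInAsset(uint256 _price) external {
        require(_price > 0, "Funding: zero price");
        citadelPriceInAsset = _price;
    }
}
```

A unit test for the fix would call `deposit` before any price is set and expect the `"citadelPriceInAsset not set"` revert, then set a price and expect a non-zero quote.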