Open code423n4 opened 1 year ago
The Warden has shown how, due to an inconsistent re-ordering, the removeLiqudity function can return incorrect (swapped) amounts.
While invariants are not broken, this is an example of an incorrect function behaviour.
For this reason, despite no loss of value, I believe Medium Severity to be appropriate as the potential impact warrants an increased severity.
GalloDaSballo marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2022-10-traderjoe/blob/e81b78ddb7cc17f0ece921fbaef2c2521727094b/src/LBRouter.sol#L291
Vulnerability details
Impact
LBRouter.removeLiquidity
reorders tokens when the user did not pass them in the pair order (ascending order):However, when returning
amountX
andamountY
, it is ignored if the order was changed:Therefore, when the order of the tokens is swapped by the function, the return value
amountX
("Amount of token X returned") in reality is the amount of the user-provided token Y that is returned and vice versa.Because this is an exposed function that third-party protocols / contracts will use, this can cause them to malfunction. For instance, when integrating with Trader Joe, something natural to do is:
This snippet will only be correct when the token addresses are passed in the right order, which should not be the case. When they are not passed in the right order, the accounting of third-party contracts will be messed up, leading to vulnerabilities / lost funds there.
Proof Of Concept
First consider the following diff, which shows a scenario when
LBRouter
does not switchtokenX
andtokenY
, resulting in correct return values:This test passes (as it should). Now, consider the following diff, where
LBRouter
switchestokenX
andtokenY
:This test should also pass (the order of the tokens was only switched), but it does not because the return values are mixed up.
Recommended Mitigation Steps
Add the following statement in the end: