code-423n4 / 2023-01-numoen-findings


Precision loss could happen when division comes before multiplication #274

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L56-L57

Vulnerability details

Impact

Detailed description of the impact of this finding.

There appears to be division before multiplication in this line of code, which could result in precision loss or unexpected output.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L56-L57

Tools Used

Manual Review

Recommended Mitigation Steps

It is recommended to multiply before doing division

uint256 scale0 = FullMath.mulDiv(amount0 * 1e18 * token0Scale, 1, liquidity);
uint256 scale1 = FullMath.mulDiv(amount1 * 1e18 * token1Scale, 1, liquidity);
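
The following is an added example, not part of the original issue or the project's code: it models uint256 floor arithmetic in Python to show how much is lost when truncation happens before scaling, and why forming the products outside `mulDiv`, as in the mitigation above, can overflow. The flagged lines are not shown on this page, so the divide-then-multiply shape, the function names and the input values are assumptions.

```python
# Added illustration: Python ints model Solidity uint256 floor arithmetic.
UINT256_MAX = 2**256 - 1
WAD = 10**18


def mul_div(a, b, denominator):
    """floor(a * b / denominator) with a full-width intermediate product."""
    result = (a * b) // denominator
    if result > UINT256_MAX:
        raise OverflowError("result does not fit in uint256")
    return result


def checked_mul(a, b):
    """Plain `a * b` under checked uint256 arithmetic (assumption: reverts on overflow)."""
    if a * b > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return a * b


def divide_then_multiply(amount, liquidity, scale):
    # Assumed shape of the flagged pattern: truncate first, then scale up.
    return checked_mul(mul_div(amount, WAD, liquidity), scale)


def multiply_then_divide(amount, liquidity, scale):
    # Scale before dividing so truncation happens once, at the end.
    return mul_div(checked_mul(amount, scale), WAD, liquidity)


def multiply_outside_mul_div(amount, liquidity, scale):
    # Shape of the mitigation quoted in the issue: both products are formed
    # in 256 bits before mulDiv sees them, so large inputs overflow.
    return mul_div(checked_mul(checked_mul(amount, WAD), scale), 1, liquidity)


def precision_loss(amount, liquidity, scale):
    """Units dropped by truncating before scaling; always in [0, scale)."""
    return (multiply_then_divide(amount, liquidity, scale)
            - divide_then_multiply(amount, liquidity, scale))


if __name__ == "__main__":
    # Constructed inputs: amount 1e6, liquidity 3e18, scale factor 1e12.
    amount, liquidity, scale = 10**6, 3 * WAD, 10**12
    print(divide_then_multiply(amount, liquidity, scale))
    print(multiply_then_divide(amount, liquidity, scale))
    print(precision_loss(amount, liquidity, scale))
```

The loss is bounded by the scale factor, so it matters most for tokens with large scale factors and for comparisons that expect exact equality.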

c4-judge commented 1 year ago

berndartmueller marked the issue as duplicate of #264

berndartmueller commented 1 year ago

Due to the lack of a concrete impact (in comparison to https://github.com/code-423n4/2023-01-numoen-findings/issues/264) and the overall lack of quality, I'm downgrading this to QA (Low).

c4-judge commented 1 year ago

berndartmueller marked the issue as not a duplicate

c4-judge commented 1 year ago

berndartmueller changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

berndartmueller marked the issue as grade-c