Upgraded Q -> 2 from #11 [1678055765655]

c4-judge commented 1 year ago

Judge has assessed an item in Issue #11 as 2 risk. The relevant finding follows:

[Low-01] SwingTraderManager.totalProfit may be updated incorrectly Impact In SwingTraderManager.sellMalt, when amountSold + dustThreshold >= maxAmount, the function will return directly and will not update totalProfit, which will cause totalProfit to update incorrectly

if (amountSold + dustThreshold >= maxAmount) {
  return maxAmount;
}

totalProfit += profit;

Proof of Concept https://github.com/code-423n4/2023-02-malt/blob/700f9b468f9cf8c9c5cffaa1eba1b8dea40503f9/contracts/StabilityPod/SwingTraderManager.sol#L251-L259

Recommended Mitigation Steps Change to

  if (amountSold >= maxAmount) {
    break;
  }
}

totalProfit += profit;

if (amountSold + dustThreshold >= maxAmount) { return maxAmount; }
totalProfit += profit;

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #16

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

code-423n4 / 2023-02-malt-findings

Upgraded Q -> 2 from #11 [1678055765655] #45