code-423n4 / 2023-07-basin-findings


Well is not compatible with non-zero value transfer tokens #196

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-basin/blob/9403cf973e95ef7219622dbbe2a08396af90b64c/src/Well.sol#L558

Vulnerability details

Impact

In removeLiquidityImbalanced, there is a tokenAmountsOut for loop that needs to pass in each token, but some tokens do not allow zero transfer, so users cannot enter zero values. Note that automatic discovery mentions this issue, but does not identify the line of code and the issue, leaving it to the judge to determine whether it is duplicated.

Proof of Concept

        for (uint256 i; i < _tokens.length; ++i) {
            _tokens[i].safeTransfer(recipient, tokenAmountsOut[i]);
            reserves[i] = reserves[i] - tokenAmountsOut[i];
        }

The code is obvious.

Tools Used

Manual review

Recommended Mitigation Steps

Check tokenAmountsOut is not zero before transfer.

Assessed type

Token-Transfer
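The loop quoted in the report next to a variant with the recommended zero check, as an added example that is not part of the original report or the Basin code base. `RevertOnZeroToken`, `PayoutSketch`, `payoutUnchecked` and `payoutSkipZero` are hypothetical names, and a plain `require(token.transfer(...))` stands in for the `safeTransfer` call in `Well.sol`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IToken {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token (hypothetical) that rejects zero-value transfers.
contract RevertOnZeroToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount != 0, "zero-value transfer");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Sketch that isolates the payout loop; LP accounting and access control are omitted.
contract PayoutSketch {
    IToken[] internal _tokens;
    uint256[] public reserves;

    constructor(IToken[] memory tokens_, uint256[] memory reserves_) {
        _tokens = tokens_;
        reserves = reserves_;
    }

    // Loop shape quoted in the report: reverts if any entry is 0 for such a token.
    function payoutUnchecked(address recipient, uint256[] calldata tokenAmountsOut) external {
        for (uint256 i; i < _tokens.length; ++i) {
            require(_tokens[i].transfer(recipient, tokenAmountsOut[i]), "transfer failed");
            reserves[i] = reserves[i] - tokenAmountsOut[i];
        }
    }

    // Report's recommended check: skip tokens whose requested amount is zero.
    function payoutSkipZero(address recipient, uint256[] calldata tokenAmountsOut) external {
        for (uint256 i; i < _tokens.length; ++i) {
            uint256 amountOut = tokenAmountsOut[i];
            if (amountOut == 0) continue;
            require(_tokens[i].transfer(recipient, amountOut), "transfer failed");
            reserves[i] = reserves[i] - amountOut;
        }
    }
}
```

With one `RevertOnZeroToken` among the sketch's tokens, a call passing `0` for that token reverts in `payoutUnchecked` and completes in `payoutSkipZero`.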

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #225

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #289

c4-judge commented 1 year ago

alcueca marked the issue as partial-50

c4-judge commented 1 year ago

alcueca marked the issue as unsatisfactory: Insufficient quality

c4-judge commented 1 year ago

alcueca changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

alcueca marked the issue as grade-b