code-423n4 / 2023-08-goodentry-findings

minimum amount at zero #21

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L331
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L119
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/RangeManager.sol#L131
https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/PositionManager/OptionsPositionManager.sol#L135

Vulnerability details

Impact

The amount0Min and amount1Min are at 0, which, when withdrawing from UniswapV3 (Positions NFT (UNI-V3-POS)), can make it subject to frontrunning and lose money.

Recommended Mitigation Steps

In the removeFromTick function, add the line "(uint amt0, uint amt1) = tr.getTokenAmounts(aBal)" and send these amounts in the function call on line 331 (tr.withdraw(aBal, amt0, amt1)), and in the withdraw function in TokenisableRange, on lines 299 and 300, use the same deposit code (n1 * 95 / 100) to calculate the 95% minimum.

Assessed type

Other
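
Added example (not part of the submission or the GoodEntry code base): a small Python model of how the two token amounts returned by a concentrated-liquidity withdrawal depend on the pool price at execution time, and how minimums computed with the report's n * 95 / 100 rule behave compared with zero minimums. The function names, the float arithmetic and the sample position (liquidity 1000, range 1600 to 2000, quoted at 1800) are assumptions made for illustration.

```python
from math import sqrt

class SlippageError(Exception):
    """Raised where the on-chain call would revert on its minimum-amount check."""

def position_amounts(liquidity, price, p_lower, p_upper):
    """Token amounts backing a concentrated-liquidity position at `price`
    (standard Uniswap V3 formulas, in floats instead of Q64.96 fixed point)."""
    sp = min(max(sqrt(price), sqrt(p_lower)), sqrt(p_upper))  # clamp to range
    amount0 = liquidity * (1 / sp - 1 / sqrt(p_upper))
    amount1 = liquidity * (sp - sqrt(p_lower))
    return amount0, amount1

def floor_95(expected0, expected1):
    """Minimums computed as in the report's recommendation: n * 95 / 100."""
    return expected0 * 95 / 100, expected1 * 95 / 100

def withdraw(liquidity, exec_price, p_lower, p_upper, amount0_min, amount1_min):
    """Remove liquidity at the price the pool has when the transaction executes."""
    a0, a1 = position_amounts(liquidity, exec_price, p_lower, p_upper)
    if a0 < amount0_min or a1 < amount1_min:
        raise SlippageError(f"got ({a0:.4f}, {a1:.2f}), below minimums")
    return a0, a1

# Constructed sample position: liquidity 1000, range [1600, 2000], quoted at 1800.
LIQ, LOWER, UPPER, QUOTED = 1000, 1600, 2000, 1800

def demo():
    expected = position_amounts(LIQ, QUOTED, LOWER, UPPER)
    mins = floor_95(*expected)
    results = {"expected": expected}
    # Zero minimums: any execution price is accepted.
    results["zero_min_at_1950"] = withdraw(LIQ, 1950, LOWER, UPPER, 0, 0)
    # 95% minimums: small drift passes, a large move reverts.
    results["floor_at_1801"] = withdraw(LIQ, 1801, LOWER, UPPER, *mins)
    try:
        withdraw(LIQ, 1950, LOWER, UPPER, *mins)
        results["floor_at_1950"] = "accepted"
    except SlippageError:
        results["floor_at_1950"] = "reverted"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
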

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #78

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #260

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Insufficient proof

c4-judge commented 1 year ago

gzeon-c4 changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

gzeon-c4 marked the issue as grade-c