search

code-423n4 / 2023-08-pooltogether-findings

4 stars 3 forks source link

Incorrect Import Path Directories #167

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-cgda-liquidator/blob/7f95bcacd4a566c2becb98d55c1886cadbaa8897/src/LiquidationPair.sol#L4-L6

Vulnerability details

Impact

Wrong Import Path Directories of LiquidationPair.sol contract would affect the functionality of the contract as this contract relies of the implementation of this imports

Proof of Concept

4. import { ILiquidationSource } from "pt-v5-liquidator-interfaces/ILiquidationSource.sol";
5. import { ILiquidationPair } from "pt-v5-liquidator-interfaces/ILiquidationPair.sol";
6. import { SD59x18, uEXP_MAX_INPUT, wrap, convert, unwrap } from "prb-math/SD59x18.sol";

based on the context of the LiquidationPair.sol contract location in the code base, these imports seem to be wrong

Tools Used

Solidity, Manual Review

Recommended Mitigation Steps

The code base should be re-accessed and reorganized to ensure right import directories

Assessed type

Access Control

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

raymondfam commented 1 year ago

Insufficient proof. Additionally, the contract wouldn't compile with missing essential imports.

c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Overinflated severity