code-423n4 / 2023-09-goodentry-mitigation-findings


H-06 MitigationConfirmed #33

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

Vulnerability details

Comments

The contract code uses the wrong compiler version and introduces a revert mechanism for overflow errors in arithmetic operations. This makes it possible to revert getAmountsForLiquidity, DoS deposit and withdraw functions, causing funds to be frozen and contract functions to be unusable.

Mitigation

Related issues are fixed by using Uniswap 0.8 branch code. Wrap arithmetic operations in unchecked blocks to avoid revert.

Test

Tested the actual use case given in the issue and it works well.

Conclusion

LGTM

c4-judge commented 12 months ago

gzeon-c4 marked the issue as confirmed for report

c4-judge commented 12 months ago

gzeon-c4 marked the issue as satisfactory
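
The failure mode described in the mitigation review above, as an added example that is not part of the original issue or of the GoodEntry or Uniswap code: a Python model of uint256 arithmetic running a 512-bit mulDiv routine of the kind found in Uniswap's math library, once with checked arithmetic and once with wrapping (unchecked) arithmetic. The page does not name the exact routine, so the choice of mulDiv, the names `op`, `mul_div`, `Revert` and `reverts_when_checked`, and the inputs are assumptions.

```python
M = 1 << 256  # uint256 modulus

class Revert(Exception):
    """Stands in for the Solidity revert on checked overflow/underflow."""

def op(kind, x, y, checked):
    """One Solidity-level uint256 operation; wraps unless `checked`."""
    r = {"sub": x - y, "mul": x * y}[kind]
    if checked and not 0 <= r < M:
        raise Revert(f"{kind} out of uint256 range")
    return r % M

def mul_div(a, b, d, checked):
    """floor(a*b/d) via a 512-bit intermediate, written for wrapping math."""
    prod0, prod1 = (a * b) % M, (a * b) >> 256  # low/high words (assembly)
    if prod1 == 0:                              # product fits in 256 bits
        if d == 0:
            raise Revert("division by zero")
        return prod0 // d
    if d <= prod1:
        raise Revert("result does not fit in uint256")
    rem = (a * b) % d                           # mulmod (assembly)
    prod1 -= 1 if rem > prod0 else 0
    prod0 = (prod0 - rem) % M                   # assembly sub, always wraps
    twos = op("sub", 0, d, checked) & d         # lowest set bit of d, needs wrap
    d //= twos
    prod0 //= twos
    twos = ((M - twos) // twos + 1) % M         # 2**256 / twos (assembly)
    prod0 |= op("mul", prod1, twos, checked)
    inv = op("mul", 3, d, checked) ^ 2          # inverse of d mod 2**4
    for _ in range(6):                          # Newton steps up to mod 2**256
        inv = op("mul", inv, op("sub", 2, op("mul", d, inv, checked), checked), checked)
    return op("mul", prod0, inv, checked)

def reverts_when_checked(a, b, d):
    """True if the same inputs revert under checked (0.8 default) arithmetic."""
    try:
        mul_div(a, b, d, checked=True)
    except Revert:
        return True
    return False

if __name__ == "__main__":
    a, b, d = 2**255 + 12345, 3, 7              # constructed inputs, a*b > 2**256
    print(mul_div(a, b, d, checked=False) == a * b // d)
    print(reverts_when_checked(a, b, d))
```

Inputs whose product fits in 256 bits take the early return and behave identically in both modes, which is why a port that compiles under 0.8 without `unchecked` can pass small-value tests and still revert on large ones.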