search

code-423n4 / 2023-09-goodentry-mitigation-findings

0 stars 0 forks source link

M-02 MitigationConfirmed #36

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

Vulnerability details

Comments

The description of H-02 is very clear. In extreme cases, low liquidity causes the number of tokens obtained by decreaseLiquidity to be 0, which will be reverted when collect and will DOS deposit and withdraw.

Mitigation

    if (removed0 > 0 || removed1 > 0){
      POS_MGR.collect( 
        INonfungiblePositionManager.CollectParams({
          tokenId: tokenId,
          recipient: msg.sender,
          amount0Max: uint128(removed0),
          amount1Max: uint128(removed1)
        })
      );
    }

Avoid revert by verifying whether the quantity is 0 in collect

Test

After actual testing, the test cases provided by M-02 work normally

Conclusion

LGTM

c4-judge commented 12 months ago

gzeon-c4 marked the issue as confirmed for report

c4-judge commented 12 months ago

gzeon-c4 marked the issue as satisfactory