Open c4-submissions opened 1 year ago
gzeon-c4 marked the issue as unmitigated
Would consider this as unmitigated since getActiveTickIndex may still return a wrong value: https://github.com/code-423n4/2023-09-goodentry-mitigation-findings/issues/43
gzeon-c4 marked the issue as confirmed for report
gzeon-c4 marked the issue as satisfactory
Lines of code
Vulnerability details
Comments
The tick index returned by getActiveTickIndex may be a boundary value, and there is no verification of overflow when accessing adjacent indexes, which may lead to access errors. A notable impact scenario is:
Mitigation
liquidityPerTick to support dynamic adjustment of asset distribution.
By the way, the new implementation of getActiveTickIndex is wrong and has nothing to do with this question, submit it as a new question.
Conclusion
LGTM