Open c4-submissions opened 1 year ago
gzeon-c4 marked the issue as confirmed for report
Would also consdier xuwinnie as satisfactory on this issue despite https://github.com/code-423n4/2023-09-goodentry-mitigation-findings/issues/51
gzeon-c4 marked the issue as satisfactory
Lines of code
Vulnerability details
Comments
The purpose of dust is to ensure that the liquidity of deposits is high enough so that the liquidity can fully repay the debt. However, there is a problem with the calculation of dust. As shown in the POC in the report, as the tick fluctuates, the actual calculated dust amount is too low or too high, and may even revert.
Mitigation
The protocol rewrites this part of the logic and solves this problem by verifying the result after adding liquidity instead of adding dust beforehand. Additionally, TokenisableRange fees are no longer compounded directly in TR, but are instead sent to the corresponding GeVault for management
Suggestion
These lines of code can be removed
Conclusion
LGTM