Closed c4-bot-10 closed 9 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #53
0xA5DF changed the severity to QA (Quality Assurance)
0xA5DF marked the issue as grade-c
Low quantity
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L786-L806
Vulnerability details
Impact
Basically
_computeInputAmount
reverts because it tries to decrease token balance from the premitive in the beginning.Proof of Concept
Usually Ocean's premitive contracts play a role of exchange, either swapping exact amount of tokens to another or swapping some amounts of tokens to exact amount of other token. Based on the goal,
_computeInputAmount
or_computeOutputAmount
is called.However in current implementation of
_computeInputAmount
, it decreases the output token balance of the premitive which will always revert, because premitive's token balances are always zero.Tools Used
Manual Review
Recommended Mitigation Steps
For calculating input amount, interaction's metadata includes max input amount. Based on the information, the correct steps would look like follows:
Assessed type
Context