c4-pre-sort
commented
8 months ago raymondfam marked the issue as insufficient quality report
Closed c4-bot-7 closed 8 months ago
c4-pre-sort
commented
8 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
8 months ago raymondfam marked the issue as duplicate of #301
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
c4-judge
commented
8 months ago 0xA5DF marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/Curve2PoolAdapter.sol#L201
Vulnerability details
Impact
The _determineComputeType function reverts if the input and output tokens do not match expected pairs. This could lead to failed transactions if new token pairs are introduced without updating the function.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps
"Resolution": "Implement a more flexible mechanism for determining the compute type that can easily accommodate new token pairs.", "Source": "ComputeType action = _determineComputeType(inputToken, outputToken);", "Solution": "Use a mapping or an array to manage supported token pairs and their corresponding compute types."
Assessed type
Context