code-423n4 / 2023-11-shellprotocol-findings


Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function #335

Closed c4-bot-1 closed 8 months ago

c4-bot-1 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/CurveTricryptoAdapter.sol#L272-L277

Vulnerability details

Impact

The contract contains a bug in the _determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type.

The function's condition for validating the input and output tokens is incorrect, leading to incorrect compute type determination.

Proof of Concept

        if (
            ((inputToken == xToken && outputToken == yToken) || (inputToken == yToken && outputToken == xToken))
                || ((inputToken == xToken && outputToken == zToken) || (inputToken == zToken && outputToken == xToken))
                || ((inputToken == yToken && outputToken == zToken) || (inputToken == zToken && outputToken == yToken))
        ) {
            return ComputeType.Swap;
        }

https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/CurveTricryptoAdapter.sol#L272-L277

Tools Used

manual review

Recommended Mitigation Steps

The condition in the _determineComputeType function should be updated as follows:

if (
    ((inputToken == xToken && outputToken == yToken) || (inputToken == yToken && outputToken == xToken))
        || ((inputToken == xToken && outputToken == zToken) || (inputToken == zToken && outputToken == xToken))
        || ((inputToken == yToken && outputToken == zToken) || (inputToken == zToken && outputToken == yToken))
) {
    return ComputeType.Swap;
}

Assessed type

Access Control
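
A triage check for the report above, added here and not part of the submission or the Shell Protocol code base: it transcribes the condition quoted under "Proof of Concept" and the one under "Recommended Mitigation Steps" into Python and evaluates both over every input/output pair. The `lpToken` and `other` ids and the reference predicate `is_swap_spec` are assumptions made for this example.

```python
from itertools import product

# Constructed stand-ins for token ids. LP and OTHER are assumed extra ids,
# used only to exercise pairs that should not be classified as a swap.
X, Y, Z, LP, OTHER = "xToken", "yToken", "zToken", "lpToken", "other"
POOL = (X, Y, Z)


def is_swap_reported(i, o, x=X, y=Y, z=Z):
    """Condition as quoted under 'Proof of Concept'."""
    return (
        ((i == x and o == y) or (i == y and o == x))
        or ((i == x and o == z) or (i == z and o == x))
        or ((i == y and o == z) or (i == z and o == y))
    )


def is_swap_recommended(i, o, x=X, y=Y, z=Z):
    """Condition as quoted under 'Recommended Mitigation Steps'."""
    return (
        ((i == x and o == y) or (i == y and o == x))
        or ((i == x and o == z) or (i == z and o == x))
        or ((i == y and o == z) or (i == z and o == y))
    )


def is_swap_spec(i, o):
    """Assumed reference: input and output are two different pool tokens."""
    return i in POOL and o in POOL and i != o


def compare():
    """One row per (input, output) pair with the three verdicts."""
    return [
        (i, o, is_swap_reported(i, o), is_swap_recommended(i, o), is_swap_spec(i, o))
        for i, o in product((X, Y, Z, LP, OTHER), repeat=2)
    ]


def disagreements():
    """Pairs on which the three predicates do not all agree."""
    return [row for row in compare() if len(set(row[2:])) != 1]


if __name__ == "__main__":
    for row in compare():
        print(*row, sep="\t")
    print("disagreements:", disagreements())
```
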

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as primary issue

raymondfam commented 8 months ago

Insufficient proof.

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Insufficient proof