search

code-423n4 / 2023-11-shellprotocol-findings

7 stars 7 forks source link

Upgraded Q -> 2 from #52 [1702727357374] #341

Closed c4-judge closed 8 months ago

c4-judge commented 8 months ago

Judge has assessed an item in Issue #52 as 2 risk. The relevant finding follows:

[L-01] primitiveOutputAmount() dust outputAmount residue in Curve2PoolAdapter

In Curve2PoolAdapter.primitiveOutputAmount() When outputToken's decimals > 18, it will be converted to 18, and the truncated dust will remain in the contract forever, never to be taken out. If accumulated over time, it may lock up a considerable amount of residual token in the contract. It is suggested to add a method for administrators to take away these dust.

    function primitiveOutputAmount(
        uint256 inputToken,
        uint256 outputToken,
        uint256 inputAmount,
        bytes32 minimumOutputAmount
    )
        internal
        override
        returns (uint256 outputAmount)
    {
...
@>      outputAmount = _convertDecimals(decimals[outputToken], NORMALIZED_DECIMALS, rawOutputAmount);

        if (uint256(minimumOutputAmount) > outputAmount) revert SLIPPAGE_LIMIT_EXCEEDED();

        if (action == ComputeType.Swap) {
            emit Swap(inputToken, inputAmount, outputAmount, minimumOutputAmount, primitive, true);
        } else if (action == ComputeType.Deposit) {
            emit Deposit(inputToken, inputAmount, outputAmount, minimumOutputAmount, primitive, true);
        } else {
            emit Withdraw(outputToken, inputAmount, outputAmount, minimumOutputAmount, primitive, true);
        }
    }
c4-judge commented 8 months ago

0xA5DF marked the issue as duplicate of #252

c4-judge commented 8 months ago

0xA5DF marked the issue as satisfactory

c4-judge commented 8 months ago

This auto-generated issue was withdrawn by 0xA5DF

c4-judge commented 8 months ago

0xA5DF marked the issue as grade-c

0xA5DF commented 8 months ago

Moved to #52