c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
Open c4-bot-9 opened 8 months ago
c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Lines of code
Vulnerability details
Summary of E1
The PR adds the function depositZapSwapWithdraw() which zap-swaps without involving the arb flow.
Function depositZapSwapWithdraw() is only callable from inside
_dualZapInLiquidity()at L56 and L68 which is in turn callable from Liquidity::depositLiquidityAndIncreaseShare().Aspects Audited
address(liquidity).No additional negative impact seen.
Informational note
There is no check above L50 which ensures that reserves are above DUST amount (such checks are present throughout the protocol before other calls to
_adjustReservesForSwap). However, this is not necessary due to the combination of checks in Pools.sol#L445-448 and in L48 & L60. This is just an informational note in case the protocol wants to add an explicit check too.Conclusion
LGTM