The Pools::removeLiquidity() function is designed to ensure that the liquidity removal from a pool does not reduce either of the pool's reserves (reserve0 or reserve1) below a specified minimum amount known as DUST. However, due to a typo, the check incorrectly verifies reserve0 twice, neglecting to verify reserve1. This oversight means that while the function ensures reserve0 does not fall below DUST, it fails to adequately protect reserve1 from dropping below this critical threshold. The intended purpose of the DUST check is to maintain stable reserve ratios even after significant liquidity withdrawals, ensuring functions like swaps can operate correctly without reverting. The omission of an accurate check for reserve1 can lead to imbalances in the pool's reserves, potentially disrupting the pool's operations and affecting swap-related functionalities.
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/784
Comments
The Pools::removeLiquidity() function is designed to ensure that the liquidity removal from a pool does not reduce either of the pool's reserves (reserve0 or reserve1) below a specified minimum amount known as DUST. However, due to a typo, the check incorrectly verifies reserve0 twice, neglecting to verify reserve1. This oversight means that while the function ensures reserve0 does not fall below DUST, it fails to adequately protect reserve1 from dropping below this critical threshold. The intended purpose of the DUST check is to maintain stable reserve ratios even after significant liquidity withdrawals, ensuring functions like swaps can operate correctly without reverting. The omission of an accurate check for reserve1 can lead to imbalances in the pool's reserves, potentially disrupting the pool's operations and affecting swap-related functionalities.
Mitigation
https://github.com/othernet-global/salty-io/commit/b01f6e5cb360e89f9e4cdae41d609ea747bcaa86
The mitigation simply fixed the typo, replacing reserve0 with reserve1
Conclusion
LGTM