search

code-423n4 / 2024-04-revert-mitigation-findings

1 stars 1 forks source link

ADD-01 MitigationConfirmed #6

Open c4-bot-2 opened 4 months ago

c4-bot-2 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

ADD-01: Improper return of chainlinkReferencePriceX96

Comment

In the original code, the function _getReferenceTokenPriceX96 will return chainlinkReferencePriceX96 as 0 in case token == referenceToken and make subsequent calls to this function recalculate this value:

function _getReferenceTokenPriceX96(address token, uint256 cachedChainlinkReferencePriceX96)
        internal
        view
        returns (uint256 priceX96, uint256 chainlinkReferencePriceX96)
    {
        if (token == referenceToken) {
            return (Q96, chainlinkReferencePriceX96);
        }
     ...
     chainlinkReferencePriceX96 = cachedChainlinkReferencePriceX96 == 0
                ? _getChainlinkPriceX96(referenceToken)
                : cachedChainlinkReferencePriceX96;
}

Mitigation

PR #13 The function now returns cachedChainlinkReferencePriceX96 input if token == referenceToken:

function _getReferenceTokenPriceX96(address token, uint256 cachedChainlinkReferencePriceX96)
        internal
        view
        returns (uint256 priceX96, uint256 chainlinkReferencePriceX96)
    {
        if (token == referenceToken) {
            return (Q96, cachedChainlinkReferencePriceX96);
        }
...

The mitigation resolved the original issue.

Conclusion

LGTM

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory