Open c4-bot-4 opened 4 months ago
Lines of code
https://github.com/code-423n4/2024-06-vultisig/blob/cb72b1e9053c02a58d874ff376359a83dc3f0742/src/ILOManager.sol#L90
Vulnerability details
Impact
The initILOPool function in the ILOPool contract should check if the initialPoolPrice is in range of the lower and upper tick provided. But if we look closely, it only checks if lower < upper and lower < initial. Thus there can be a scenario where lower < upper < initial will hold true.
Tools Used
Manual Review
Recommended Mitigation Steps
require(sqrtRatioLowerX96 < _project.initialPoolPriceX96 && _project.initialPoolPriceX96 < sqrtRatioUpperX96, "RANGE");
Assessed type
Invalid Validation
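The gap described in this report, as an added example (not code from the Vultisig repository or from the report's author): `describedCheck` reconstructs the validation from the report's wording, and `recommendedCheck` mirrors the condition in the recommended `require`. The contract name, function names, the `Q96` constant and the sample prices are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not code from the Vultisig repository.
contract RangeCheckDemo {
    // 1.0 expressed as a Q64.96 sqrt price (constructed sample unit).
    uint160 internal constant Q96 = 2 ** 96;

    /// Validation as the report describes it: lower < upper and lower < initial.
    /// Nothing here bounds the initial price from above.
    function describedCheck(
        uint160 sqrtRatioLowerX96,
        uint160 sqrtRatioUpperX96,
        uint160 initialPoolPriceX96
    ) public pure returns (bool) {
        return sqrtRatioLowerX96 < sqrtRatioUpperX96
            && sqrtRatioLowerX96 < initialPoolPriceX96;
    }

    /// Condition from the recommended require: lower < initial < upper.
    function recommendedCheck(
        uint160 sqrtRatioLowerX96,
        uint160 sqrtRatioUpperX96,
        uint160 initialPoolPriceX96
    ) public pure returns (bool) {
        return sqrtRatioLowerX96 < initialPoolPriceX96
            && initialPoolPriceX96 < sqrtRatioUpperX96;
    }

    /// Evaluates both checks on three constructed initial prices for the
    /// range (lower, upper): inside the range, equal to upper, above upper.
    function demo()
        external
        pure
        returns (bool[3] memory described, bool[3] memory recommended)
    {
        uint160 lower = Q96;
        uint160 upper = 2 * Q96;
        uint160[3] memory initial = [lower + Q96 / 2, upper, 3 * Q96];
        for (uint256 i = 0; i < 3; i++) {
            described[i] = describedCheck(lower, upper, initial[i]);
            recommended[i] = recommendedCheck(lower, upper, initial[i]);
        }
    }
}
```

The described check accepts all three sample prices, while the recommended condition accepts only the one strictly inside the range.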