hats-finance / AlephZeroAMM-0x0d88a9ece90994ecb3ba704730819d71c139f60f

Apache License 2.0
1 stars 0 forks source link

A pool should be created in function add_liquidity if one does not exist #21

Open hats-bug-reporter[bot] opened 10 months ago

hats-bug-reporter[bot] commented 10 months ago

Github username: @JJtheAndroid Twitter username: -- Submission hash (on-chain): 0x110cecdb5499edabc58710f40760dacbd2d998370823e00dc93728975e29afbe Severity: low

Description: Description\

A pool should be created in function add_liquidity if one does not exist

In uniswap V2, (which this protocol is heavily inspired by), in the add liquidity function, there is a check that if a pair contract has not been created yet for a pair when adding liquidity, one gets created.

    IUniswapV2Factory(factory).createPair(tokenA, tokenB);

https://github.com/Uniswap/v2-periphery/blob/0335e8f7e1bd1e8d8329fd300aea2ef2f36dd19f/contracts/UniswapV2Router01.sol#L40

There is no such check made in router contract.

 let pair_contract = self.get_pair(token_0, token_1)?;
        fn get_pair(
            &self,
            token_0: AccountId,
            token_1: AccountId,
        ) -> Result<AccountId, RouterError> {
            self.factory_ref()
                .get_pair(token_0, token_1)
                .ok_or(RouterError::PairNotFound)
        }

https://github.com/hats-finance/AlephZeroAMM-0x0d88a9ece90994ecb3ba704730819d71c139f60f/blob/0a7264d707aea51b559a1bf94448681b59660f6a/amm/contracts/router/lib.rs#L242

It is strongly recommended to implement a logic similar to Uniswap V2. This means adding a check in the add_liquidity function to verify if a pool exists for the token pair. If not, the function should proceed to create a new pair contract.

You could something like this in the add_liquidity function

 Err(RouterError::PairNotFound) => {
        // Logic to create a new pair
        self.factory_ref().create_pair(token_0, token_1)
    },....

This adjustment ensures that liquidity providers can always add liquidity, even for new token pairs, thus enhancing the overall efficiency and user experience of the protocol.

Wanted to put this as minor but it is not showing up on the repo for some reason so I am putting it as a low

deuszx commented 10 months ago

In Router::calculate_liquidity: https://github.com/hats-finance/AlephZeroAMM-0x0d88a9ece90994ecb3ba704730819d71c139f60f/blob/0a7264d707aea51b559a1bf94448681b59660f6a/amm/contracts/router/lib.rs#L93-L95 which is in turn called at the beginning of both add_liquidity_native and add_liquidity.

deuszx commented 10 months ago

Thank you for participation. After carefully reviewing the submission we've concluded that this issue is INVALID.

We hope you participate in the future audits of ink!.