Open hats-bug-reporter[bot] opened 10 months ago
In Router::calculate_liquidity
:
https://github.com/hats-finance/AlephZeroAMM-0x0d88a9ece90994ecb3ba704730819d71c139f60f/blob/0a7264d707aea51b559a1bf94448681b59660f6a/amm/contracts/router/lib.rs#L93-L95
which is in turn called at the beginning of both add_liquidity_native and add_liquidity.
Thank you for participation. After carefully reviewing the submission we've concluded that this issue is INVALID.
We hope you participate in the future audits of ink!.
Github username: @JJtheAndroid Twitter username: -- Submission hash (on-chain): 0x110cecdb5499edabc58710f40760dacbd2d998370823e00dc93728975e29afbe Severity: low
Description: Description\
A pool should be created in function add_liquidity if one does not exist
In uniswap V2, (which this protocol is heavily inspired by), in the add liquidity function, there is a check that if a pair contract has not been created yet for a pair when adding liquidity, one gets created.
https://github.com/Uniswap/v2-periphery/blob/0335e8f7e1bd1e8d8329fd300aea2ef2f36dd19f/contracts/UniswapV2Router01.sol#L40
There is no such check made in router contract.
https://github.com/hats-finance/AlephZeroAMM-0x0d88a9ece90994ecb3ba704730819d71c139f60f/blob/0a7264d707aea51b559a1bf94448681b59660f6a/amm/contracts/router/lib.rs#L242
It is strongly recommended to implement a logic similar to Uniswap V2. This means adding a check in the add_liquidity function to verify if a pool exists for the token pair. If not, the function should proceed to create a new pair contract.
You could something like this in the add_liquidity function
This adjustment ensures that liquidity providers can always add liquidity, even for new token pairs, thus enhancing the overall efficiency and user experience of the protocol.
Wanted to put this as minor but it is not showing up on the repo for some reason so I am putting it as a low