Open hats-bug-reporter[bot] opened 8 months ago
Github username: @ololade97 Twitter username: 97Sabit Submission hash (on-chain): 0x96043732b96e5885f6613024143e5239cc362f2d68a0f95e28014cfa8e9aebf4 Severity: high
Description: Description\ The comment in localSwap states that minOut should revert if the output is less than minimum.
@param minOut The minimum output the user wants. Otherwise, the transaction reverts.
The check if (minOut > out) revert ReturnInsufficient(out, minOut); compares minOut to the calculated output.
However, it checks minOut > out. It didn't check if out < minOut.
So if out is less than minOut, the check still passes when it should revert.
Attachments https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultVolatile.sol#L578
if (minOut > out) revert ReturnInsufficient(out, minOut);
Dublicate.
reednaa
commented
8 months ago reednaa
commented
8 months ago
Github username: @ololade97 Twitter username: 97Sabit Submission hash (on-chain): 0x96043732b96e5885f6613024143e5239cc362f2d68a0f95e28014cfa8e9aebf4 Severity: high
Description: Description\ The comment in localSwap states that minOut should revert if the output is less than minimum.
The check if (minOut > out) revert ReturnInsufficient(out, minOut); compares minOut to the calculated output.
However, it checks minOut > out. It didn't check if out < minOut.
So if out is less than minOut, the check still passes when it should revert.
Attachments https://github.com/catalystdao/catalyst/blob/27b4d0a2bca177aff00def8cd745623bfbf7cb6b/evm/src/CatalystVaultVolatile.sol#L578