ctf_sec - CurveAdapter.sol does support function exchange_underlying method.

[sherlock-admin]

ctf_sec

medium

CurveAdapter.sol does support function exchange_underlying method.

Summary

CurveAdapter.sol does support function exchange_underlying method.

Vulnerability Detail

The current implementation of the CurveAdapter.sol only support the function exchange

       return (
            address(pool),
            abi.encodeWithSelector(
                ICurvePool.exchange.selector,
                i,
                j,
                trade.amount,
                trade.limit
            )
        );

however, there is limitation

From Curve Documentation

Like plain pools, lending pools have the exchange method. However, in the case of lending pools, calling exchange performs a swap between two wrapped tokens in the pool.

For example, calling exchange on the Compound Pool, would result in a swap between the wrapped tokens cDAI and cUSDC.

in this case, the function

StableSwap.exchange_underlying(i: int128, j: int128, dx: uint256, min_dy: uint256)→ uint256[](https://curve.readthedocs.io/exchange-pools.html#StableSwap.exchange_underlying)

comes in handy.

the function Perform an exchange between two underlying tokens. Index values can be found via the underlying_coins public getter method.

Source: https://curve.readthedocs.io/exchange-pools.html

Impact

Missing the function exchange_underlying method make the CurveAdapter.sol support only wrapped token but not underlying token.

Code Snippet

https://github.com/sherlock-audit/2022-09-notional/blob/main/leveraged-vaults/contracts/trading/adapters/CurveAdapter.sol#L25-L32

Tool used

Manual Review

Recommendation

We recommend the project add support for the method exchange_underlying