_sharesTotalSupply not clearly defined in contract
Summary
The value for _sharesTotalSupply is not clearly defined in the contract.
Vulnerability Detail
The params mention that _sharesTotalSupply is the the total supply of shares of the pool. It is not clear how this figure will or should be derived to input into the function tokenToShares in Pool.sol. There is also no verification done to ensure that this input is correcly entered.
This would affect the function tokenToShares, impact calculations to derive shares and _shares, and thereafter impact calculations and amounts that are dependent on them.
hl_
medium
_sharesTotalSupplynot clearly defined in contractSummary
The value for
_sharesTotalSupplyis not clearly defined in the contract.Vulnerability Detail
The params mention that _sharesTotalSupply is the the total supply of shares of the pool. It is not clear how this figure will or should be derived to input into the function
tokenToSharesinPool.sol. There is also no verification done to ensure that this input is correcly entered.This would affect the function
tokenToShares, impact calculations to derivesharesand_shares, and thereafter impact calculations and amounts that are dependent on them.Impact
See above.
Code Snippet
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L193-L203
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L324-L325
Tool used
Manual Review
Recommendation
Clearly define how
_sharesTotalSupplyis/ should be derived and include checks to ensure that the amount input is correct.