sherlock-audit / 2023-04-unitasprotocol-judging

4 stars 3 forks source link

yy - The `_convert` function reverts if neither `fromToken` nor `toToken` is the quoteToken. #26

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

yy

medium

The _convert function reverts if neither fromToken nor toToken is the quoteToken.

Summary

Vulnerability Detail

When the fromToken (the token being sold) is the quoteToken. In this case, it directly calculates the amount of toToken (the token being bought) based on the price of toToken in terms of the quoteToken.

When the toToken (the token being bought) is the quoteToken. In this case, it directly calculates the amount of toToken based on the price of fromToken in terms of the quoteToken.

However, the function does not handle the case where neither the fromToken nor the toToken is the quoteToken. In other words, if you're trying to swap Token A for Token B, and neither of these tokens is the quoteToken, the function will revert because it doesn't know how to handle this scenario.

Impact

The impact of the _convert function reverting when neither fromToken nor toToken is the quoteToken is that it limits the types of token swaps that can be performed.

Code Snippet

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/SwapFunctions.sol#L173

Tool used

Manual Review

Recommendation

Add a conversion path that handles the case where neither fromToken nor toToken is the quoteToken.