search

sherlock-audit / 2023-11-olympus-judging

9 stars 7 forks source link

tvdung94 - BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves #117

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

tvdung94

high

BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves

Summary

BunniSupply::getProtocolOwnedLiquidityReserves() gives incorrect amount of reserves

Vulnerability Detail

The amount of reserves returned from this method is the amount of reserves for the whole supply (total supply) of bunni tokens, not the amount that the protocol owns. There are missing steps to calculate protocol-owned amount, for each iteration of the loop:

  1. Get the amount of shares (amount of bunni token) that the protocol owns.
  2. Convert it to an equivalent amount of reserves. 
    BunniKey memory key = _getBunniKey(token);
        (
            address token0,
            address token1,
            uint256 reserve0,
            uint256 reserve1
>>>         ) = _getReservesWithFees(key, lens);
  function _getReservesWithFees(
        BunniKey memory key_,
        BunniLens lens_
    ) internal view returns (address, address, uint256, uint256) {
       >>> (uint112 reserve0, uint112 reserve1) = lens_.getReserves(key_);
        (uint256 fee0, uint256 fee1) = lens_.getUncollectedFees(key_);

        return (key_.pool.token0(), key_.pool.token1(), reserve0 + fee0, reserve1 + fee1);
    }
>>> function getReserves( //@audit reserve of whole supply of bunni token representing this position range
        BunniKey calldata key
    ) external view override returns (uint112 reserve0, uint112 reserve1) {
        (uint128 existingLiquidity, , , , ) = key.pool.positions(
            keccak256(abi.encodePacked(address(hub), key.tickLower, key.tickUpper))
        );
        return _getReserves(key, existingLiquidity);
    }

Impact

Display wrong results, potentially disrupting accounting.

Code Snippet

https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/submodules/BunniSupply.sol#L212-L260

Tool used

Manual Review

Recommendation

Consider implement the missing steps

Duplicate of #172

nevillehuang commented 6 months ago

@0xJem this seems to be a duplicate of #172, do you agree?

0xJem commented 6 months ago

Yes