Missing lower bound check for K (Swap curve parameter)
Summary
In theGSP.sol contract, the parameter K plays a significant role in initialization and the parameter K is missing the lower bound check.
Vulnerability Detail
The Swap curve parameterK lacks the lower bound check and only has the upper bound check, the developer has clearly mentioned in the comment that K should be greater than zero but failed to add lower bound checks to it, it is extremely important to add a lower bound check toKwhen we need theK to be Greater than 0.
0xBhumii
medium
Missing lower bound check for K (Swap curve parameter)
Summary
In the
GSP.solcontract, the parameterKplays a significant role in initialization and the parameter K is missing the lower bound check.Vulnerability Detail
The Swap curve parameter
Klacks the lower bound check and only has the upper bound check, the developer has clearly mentioned in the comment that K should be greater than zero but failed to add lower bound checks to it, it is extremely important to add a lower bound check toKwhen we need theKto be Greater than 0.Impact
May cause unusual behaviors
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSP.sol#L58C8-L58C30
require(k <= 10**18);Tool used
Manual Review
Recommendation
Add lower bound check to the code to avoid any unusual behavior.
require(k >0 && <= 10**18);Duplicate of #76