shubhzDev - Cumulative Records of tokens(tokenCumMap) are not updated correctly upon buying and selling tokens.

[sherlock-admin2]

shubhzDev

high

Cumulative Records of tokens(tokenCumMap) are not updated correctly upon buying and selling tokens.

High Severity

Summary

In internal _recordSwap() function the tokenCumMap[fromToken].cumulativeBid is not updated correctly,

instead of deducting,its values like this tokenCumMap[fromToken].cumulativeBid -= fromAmount;

It has been increased to tokenCumMap[fromToken].cumulativeBid += fromAmount;

Vulnerability Detail

When a user calls sellToken/buyToken then he basically swaps fromToken to toToken. However, in the internal method _recordSwap() tokenCumMap[fromToken].cumulativeBid is not decreased by the fromAmount amount.

Impact

Any user with malicious intend can use this bug to repeatedly buy and sell tokens desired tokens in exchange of x token and will never run out of x token.

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo/blob/main/dodo-v3/contracts/DODOV3MM/D3Pool/D3Trading.sol#L251 https://github.com/sherlock-audit/2023-12-dodo/blob/main/dodo-v3/contracts/DODOV3MM/D3Pool/D3Trading.sol#L125 https://github.com/sherlock-audit/2023-12-dodo/blob/main/dodo-v3/contracts/DODOV3MM/D3Pool/D3Trading.sol#L167

Tool used

Manual Review

Recommendation

Decrease the tokenCumMap[fromToken].cumulativeBid by fromAmount in _recordSwap() function:

tokenCumMap[fromToken].cumulativeBid -= fromAmount

[nevillehuang]

Invalid, no issue here, you bid from token to swap to ask for to token, incrementation is correct.