Closed sherlock-admin2 closed 6 months ago
@ydspa
I think this severity can be informational. I agree that the recommended change would be better for safety.
The AMM will stop working unexpectedly when the preTradeExchangeRate is 1.0.
I think the suggested issue never happens.
At Line 219, it requires that the preTradeExchangeRate be larger than 1.0. However, technically, the exchange rate can be 1.0 based on the comment in Line 213 that the exchange rate should not be below one, which means that the exchange rate should be 1.0 or above. Thus, when the preTradeExchangeRate is 1.0, the AMM will revert unexpectedly.
For the preTradeExchangeRate
to be 1, lastImpliedRate
must become zero.
However, as you can see from the following snippet, lastImpliedRate
never becomes zero.
function _setPostPoolState(
PoolState memory pool,
PoolPreCompute memory comp,
int256 netBaseLptToAccount,
int256 netUnderlyingToAccount18,
int256 netUnderlyingToProtocol18
) internal view {
.....
if (pool.lastLnImpliedRate == 0) revert Errors.PoolZeroLnImpliedRate();
}
This zero check is seen in Pendle as well.
Every swaps, lastImpliedRate is updated and used in the next swap. https://github.com/sherlock-audit/2024-01-napier/blob/6313f34110b0d12677b389f0ecb3197038211e12/v1-pool/src/libs/PoolMath.sol#L176
function computeAmmParameters(PoolState memory pool) internal view returns (PoolPreCompute memory cache) {
uint256 timeToExpiry = pool.maturity - block.timestamp;
cache.rateScalar = _getRateScalar(pool, timeToExpiry);
cache.rateAnchor = _getRateAnchor(
pool.totalBaseLptTimesN, pool.lastLnImpliedRate, pool.totalUnderlying18, cache.rateScalar, timeToExpiry
);
cache.feeRate = _getExchangeRateFromImpliedRate(pool.lnFeeRateRoot, timeToExpiry);
}
function executeSwap(PoolState memory pool, int256 netBaseLptToAccount)
internal
view
returns (int256 netUnderlyingToAccount18, int256 netUnderlyingFee18, int256 netUnderlyingToProtocol18)
{
....
_setPostPoolState(pool, comp, netBaseLptToAccount, netUnderlyingToAccount18, netUnderlyingToProtocol18);
}
Escalate
on behalf of sponsor. Note: I have not read through issue myself. @cvetanovv @massun-onibakuchi @Czar102
Escalate
on behalf of sponsor. Note: I have not read through issue myself. @cvetanovv @massun-onibakuchi @Czar102
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I agree with the escalation and the comment of the sponsor.
The protocol team fixed this issue in PR/commit https://github.com/napierfi/v1-pool/pull/155.
In that case, planning to accept the escalation and invalidate the issue.
Result: Invalid Unique
The Lead Senior Watson signed off on the fix.
xiaoming90
medium
AMM will revert if exchange rate is one
Summary
The AMM will stop working unexpectedly when the
preTradeExchangeRate
is 1.0.Vulnerability Detail
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/libs/PoolMath.sol#L213
At Line 219, it requires that the
preTradeExchangeRate
be larger than 1.0. However, technically, the exchange rate can be 1.0 based on the comment in Line 213 that the exchange rate should not be below one, which means that the exchange rate should be 1.0 or above. Thus, when thepreTradeExchangeRate
is 1.0, the AMM will revert unexpectedly.Impact
The AMM might stop working unexpectedly. Breaking of core protocol/contract functionality.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/libs/PoolMath.sol#L213
Tool used
Manual Review
Recommendation
Consider making the following change:
Sidenote: This is also implemented in Pendle's Math Library