search

sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

Nyxaris - Potential manipulation of liquidity pools due to tokens with arbitrary minting capabilities. #175

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 6 months ago

Nyxaris

high

Potential manipulation of liquidity pools due to tokens with arbitrary minting capabilities.

Summary

Potential manipulation of liquidity pools due to tokens with arbitrary minting capabilities.

Vulnerability Detail

The _addLiquidityfunction is designed to add liquidity based on current reserves of the token pair. If a token in the pair can be arbitrarily minted, an attacker could inflate the reserves by depositing a large number of minted tokens just before a legitimate liquidity addition transaction is confirmed, thus affecting the price ratio and the amount of liquidity tokens the user receives.

Impact

Users may receive fewer liquidity tokens than expected, leading to a loss of funds

Code Snippet

code

function _addLiquidity(
        address tokenA,
        address tokenB,
        uint256 amountADesired,
        uint256 amountBDesired,
        uint256 amountAMin,
        uint256 amountBMin
    ) internal virtual returns (uint256 amountA, uint256 amountB) {
        // create the pair if it doesn't exist yet
        if (IJalaFactory(factory).getPair(tokenA, tokenB) == address(0)) {
            IJalaFactory(factory).createPair(tokenA, tokenB);
        }
        (uint256 reserveA, uint256 reserveB) = JalaLibrary.getReserves(factory, tokenA, tokenB);
        if (reserveA == 0 && reserveB == 0) {
            (amountA, amountB) = (amountADesired, amountBDesired);
        } else {
            uint256 amountBOptimal = JalaLibrary.quote(amountADesired, reserveA, reserveB);
            if (amountBOptimal <= amountBDesired) {
                if (amountBOptimal < amountBMin) revert InsufficientBAmount();
                (amountA, amountB) = (amountADesired, amountBOptimal);
            } else {
                uint256 amountAOptimal = JalaLibrary.quote(amountBDesired, reserveB, reserveA);
                assert(amountAOptimal <= amountADesired);
                if (amountAOptimal < amountAMin) revert InsufficientAAmount();
                (amountA, amountB) = (amountAOptimal, amountBDesired);
            }
        }
    }

Tool used

Manual Review

Recommendation

Tokens with arbitrary minting capabilities should not be allowed in liquidity pools, or their minting function should be restricted to a governance process. Implement additional validation to detect significant changes in reserves that occur between the initiation and execution of liquidity addition transactions.

Duplicate of #246