Potential Liquidity Depletion in Swap Function Due to AmountOut Exceeding Liquidity Reserves and Resulting Solvency Risks
name: Audit item
about: These are the audit items that end up in the report
title: ""
labels: ""
assignees: ""
Summary
Two issues have been identified in the JalaPair contract's swap() function that could lead to liquidity risks:
The swap() function permits scenarios where one token's liquidity can be entirely depleted from the pool. This is due to an inadequate conditional check that fails to prevent the liquidity reserves from being completely drained.
The function also improperly applies flash loan fees by adjusting the output amounts (amount0Out, amount1Out) after the initial liquidity reserve check. This can result in the reserves being reduced beyond the intended amounts.
Vulnerability Detail
The swap() function's conditional check is not robust enough to prevent the total depletion of a token's liquidity from the pool. It allows transactions where the output amount (amount0Out or amount1Out) is equal to the token's reserve, which could lead to a state where the pool has zero liquidity for that token.
See line 213, the conditional check fails to revert the transaction when the amountOut is equal to the reserve. This is in contrast to the UniswapV2Pair contract, where a similar check on line 162 ensures that the transaction is reverted if the amountOut is equal to or exceeds the reserve, providing stronger protection against liquidity depletion.
The swap() function adjusts the output amounts for flash loan fees after performing the liquidity check, which could lead to the reserves being drawn down more than what was accounted for in the initial check. This can cause the reserves to be lower than expected.
Please note that at lines 231 and 239, the amountOut values are updated after the liquidity checks have been performed at line 213. This sequence of operations could lead to discrepancies between the checked and actual amounts withdrawn from the reserves.
Impact
This could effectively disable the pool's ability to facilitate further swaps for the affected token, disrupt market operations, and potentially lead to a loss of the stability and reliability of the liquidity pool. And this issues could disrupt the pricing mechanism of the pool, affect the integrity of transactions, and pose significant financial risks to liquidity providers and users interacting with the pool.
Tool used
Manual Review
Recommendation
Please move the InsufficientLiquidity check after the fee calculation.
0xAadi
medium
Potential Liquidity Depletion in
Swap
Function Due to AmountOut Exceeding Liquidity Reserves and Resulting Solvency Risksname: Audit item about: These are the audit items that end up in the report title: "" labels: "" assignees: ""
Summary
Two issues have been identified in the
JalaPair
contract'sswap()
function that could lead to liquidity risks:The
swap()
function permits scenarios where one token's liquidity can be entirely depleted from the pool. This is due to an inadequate conditional check that fails to prevent the liquidity reserves from being completely drained.The function also improperly applies flash loan fees by adjusting the output amounts (
amount0Out
,amount1Out
) after the initial liquidity reserve check. This can result in the reserves being reduced beyond the intended amounts.Vulnerability Detail
swap()
function's conditional check is not robust enough to prevent the total depletion of a token's liquidity from the pool. It allows transactions where the output amount (amount0Out
oramount1Out
) is equal to the token's reserve, which could lead to a state where the pool has zero liquidity for that token.https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaPair.sol#L213
See line 213, the conditional check fails to revert the transaction when the
amountOut
is equal to thereserve
. This is in contrast to theUniswapV2Pair
contract, where a similar check on line 162 ensures that the transaction is reverted if theamountOut
is equal to or exceeds thereserve
, providing stronger protection against liquidity depletion.https://github.com/Uniswap/v2-core/blob/ee547b17853e71ed4e0101ccfd52e70d5acded58/contracts/UniswapV2Pair.sol#L162
swap()
function adjusts the output amounts for flash loan fees after performing the liquidity check, which could lead to the reserves being drawn down more than what was accounted for in the initial check. This can cause the reserves to be lower than expected.https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaPair.sol#L231 https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaPair.sol#L239
Please note that at lines 231 and 239, the
amountOut
values are updated after the liquidity checks have been performed at line 213. This sequence of operations could lead to discrepancies between the checked and actual amounts withdrawn from the reserves.Impact
This could effectively disable the pool's ability to facilitate further swaps for the affected token, disrupt market operations, and potentially lead to a loss of the stability and reliability of the liquidity pool. And this issues could disrupt the pricing mechanism of the pool, affect the integrity of transactions, and pose significant financial risks to liquidity providers and users interacting with the pool.
Tool used
Manual Review
Recommendation
Please move the
InsufficientLiquidity
check after the fee calculation.Duplicate of #228