Closed sherlock-admin2 closed 6 months ago
Invalid, seems to be a duplicate of #246, so see the comment there for the invalidation reason. Additionally, there is no issue with getReserves,
given users would be incentivized to rebalance the pool and uniswapv2 employs an identical core logic, as seen here
SK
high
Price Manipulation by Adding Liquidity
Summary
The optimizer calculation is inconsistent, which allows a user to manipulate the price via the addLiquidity function.
Vulnerability Detail
When the user wants to add liquidity to the pool, it will first go through the optimizer at line 43. This is to keep track of the ratio to prevent the user from manipulating the price.
Impact
The user might lose the token due to the inconsistent calculation.
Code Snippet
POC
You may check the pair token value by adding at the addLiquidity function (line 60) in JalaRouter02
Tool used
Manual Review
Recommendation
Make sure the optimizer works both ways.
Duplicate of #246