search

sherlock-audit / 2024-03-arrakis-judging

2 stars 2 forks source link

Patreeciy - the function does not match its description #39

Closed sherlock-admin2 closed 3 months ago

sherlock-admin2 commented 3 months ago

Patreeciy

medium

the function does not match its description

Summary

The getTokenName function uses symbol instead of name

Vulnerability Detail

The description of the getTokenName function specifies get Arrakis Modular standard token name for two corresponding tokens, which turns out not a name but a symbol

Impact

Violation of the logic of the protocol, due to duplication of functions

Code Snippet

https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultFactory.sol#L322

    /// @notice get Arrakis Modular standard token name for two corresponding tokens.
    /// @param token0_ address of the first token.
    /// @param token1_ address of the second token.
    /// @return name name of the arrakis modular token vault.
    function getTokenName(
        address token0_,
        address token1_
    ) public view returns (string memory) {
        string memory symbol0 = IERC20Metadata(token0_).symbol();
        string memory symbol1 = IERC20Metadata(token1_).symbol();
        return _append("Arrakis Modular ", symbol0, "/", symbol1);
    }

Tool used

Manual Review

Recommendation

    function getTokenName(
        address token0_,
        address token1_
    ) public view returns (string memory) {
        string memory name0= IERC20Metadata(token0_).name();
        string memory name1= IERC20Metadata(token1_).name();
        return _append("Arrakis Modular ", name0, "/", name1);
    }