In the function _setAltTick, the tick range for the alternative position altPosition is set. However, there is a specific scenario identified where the tick positions might not be updated when amount0 == bal1. This could potentially lead to suboptimal liquidity placement and reduced rewards for the strategy.
Vulnerability Detail
In the code below, we see amount0 > 0 as it is a function of bal0 and price(), there is a possibility the value of amount0 is equal to bal1, and for this scenario, the positionAlt is not updated and becomes stale until the condition changes during rebalancing.
function _setAltTick(int24 tick, int24 distance, int24 width) private {
(uint256 bal0, uint256 bal1) = balancesOfThis();
// We calculate how much token0 we have in the price of token1.
uint256 amount0;
if (bal0 > 0) {
amount0 = bal0 * price() / PRECISION;
}
// We set the alternative position based on the token that has the most value available.
if (amount0 < bal1) {
(positionAlt.tickLower, ) = TickUtils.baseTicks(
tick,
width,
distance
);
(positionAlt.tickUpper, ) = TickUtils.baseTicks(
tick,
distance,
distance
);
} else if (bal1 < amount0) {
(, positionAlt.tickLower) = TickUtils.baseTicks(
tick,
distance,
distance
);
(, positionAlt.tickUpper) = TickUtils.baseTicks(
tick,
width,
distance
);
}
}
Impact
Medium impact as this could potentially lead to suboptimal liquidity placement and reduced rewards for the strategy.
John_Femi
medium
positionAlt tick is stale for amount0 == bal1
Summary
In the function
_setAltTick, the tick range for the alternative positionaltPositionis set. However, there is a specific scenario identified where the tick positions might not be updated when amount0 == bal1. This could potentially lead to suboptimal liquidity placement and reduced rewards for the strategy.Vulnerability Detail
In the code below, we see amount0 > 0 as it is a function of
bal0 and price(), there is a possibility the value of amount0 is equal to bal1, and for this scenario, thepositionAltis not updated and becomes stale until the condition changes during rebalancing.Impact
Medium impact as this could potentially lead to suboptimal liquidity placement and reduced rewards for the strategy.
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L649-L685
Tool used
Manual Review
Recommendation
Add a condition for
amount0 == bal1Duplicate of #38