Closed sherlock-admin4 closed 3 months ago
1 comment(s) were left on this issue during the judging contest.
DHTNS commented:
Low -> seems like a code comment error + even if it isnt that's not medium issue as no core functionality broke & no funds lost due to smart contract + fund loss will only occur due to admin error + but up for debate sponsor should comment in
blackhole
medium
The maximum tick deviation should be less than or equal to 4 times the tick spacing in the setDeviation function
Summary
According to the code comments, The setDeviation function should ensure that
maxTickDeviation
is less than or equal to 4 times the tick spacing. This requirement is currently not properly enforced, potentially allowingmaxTickDeviation
to be set incorrectly.Vulnerability Detail
contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L709
Impact
The maxTickDeviation cannot be set to exactly 4 times the tick spacing due to the current condition
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L709
Tool used
Manual Review
Recommendation
It's recommended to change the condition to properly allow maxTickDeviation to be set to 4 times the tick spacing or less.
Duplicate of #33