sherlock-audit / 2024-05-napier-update-judging


KupiaSec - MetapoolRouter.swapETHForPt() reverts due to a typo in a function parameter #76

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

KupiaSec

medium

MetapoolRouter.swapETHForPt() reverts due to a typo in a function parameter

Summary

There is a typo in a function call in MetapoolRouter.swapETHForPt(). As a result, MetapoolRouter.swapETHForPt() reverts and doesn't work.

Vulnerability Detail

MetapoolRouter.swapETHForPt() swaps WETH for the base pool token of NapierPool.

MetapoolRouter.sol

143:         ethSpent = triLSTPool.swapUnderlyingForExactBaseLpToken({baseLpOut: basePoolTokenAmount, recipient: metapool});

NapierPool.swapUnderlyingForExactBaseLpToken() accepts a baseLptOut parameter instead of baseLpOut.

NapierPool.sol
459:     function swapUnderlyingForExactBaseLpToken(uint256 baseLptOut, address recipient)

As a result, MetapoolRouter.swapETHForPt() will revert and it doesn't work at all.

Impact

MetapoolRouter.swapETHForPt() doesn't work.

Tool used

Manual Review

Code Snippet

https://github.com/sherlock-audit/2024-05-napier-update/tree/main/metapool-router/src/MetapoolRouter.sol#L143

https://github.com/sherlock-audit/2024-05-napier-update/blob/main/metapool-router/lib/v1-pool/src/NapierPool.sol#L459

Recommendation

Use the correct parameter baseLptOut instead of baseLpOut.

z3s commented 3 months ago

It calls INapierPool.sol#L91: function swapUnderlyingForExactBaseLpToken(uint256 baseLpOut, address recipient) external returns (uint256); so the parameter name is okay.
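How Solidity resolves the named arguments discussed in this thread, as an added example that is not part of the issue, the comments, or the Napier code base. IPoolSketch, PoolSketch and RouterSketch are constructed stand-ins; the sketch assumes, as the last comment states, that the router makes the call through the interface type.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed stand-in for the interface; the parameter name is the one
// quoted from INapierPool.sol in the thread.
interface IPoolSketch {
    function swapUnderlyingForExactBaseLpToken(uint256 baseLpOut, address recipient)
        external
        returns (uint256);
}

// Constructed stand-in for the implementation; the parameter name is the one
// quoted from NapierPool.sol in the thread. An implementation may rename its
// parameters: names are not part of the signature, selector or ABI encoding.
contract PoolSketch is IPoolSketch {
    function swapUnderlyingForExactBaseLpToken(uint256 baseLptOut, address recipient)
        external
        pure
        override
        returns (uint256)
    {
        recipient; // unused in this sketch
        return baseLptOut; // placeholder result, not the real pool math
    }
}

// Constructed stand-in for the router (assumption: the pool is held as the
// interface type, so named arguments are checked against IPoolSketch).
contract RouterSketch {
    IPoolSketch public immutable pool;

    constructor(IPoolSketch pool_) {
        pool = pool_;
    }

    function swap(uint256 basePoolTokenAmount, address metapool) external returns (uint256 spent) {
        // The compiler matches each name against the declaration on the static
        // type of `pool`. A name not declared there is rejected at compile
        // time, so a mismatch can never surface as a runtime revert.
        spent = pool.swapUnderlyingForExactBaseLpToken({
            baseLpOut: basePoolTokenAmount,
            recipient: metapool
        });
    }
}
```

When triaging a finding of this kind, check the declared type of the variable the call is made on and compare the named arguments against that declaration, then confirm the project compiles.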