Handling of the return value from the exactInputSingle function call
Summary
Handling of the return value from the exactInputSingle function call, which represents the amount of WETH tokens received after the swap. In the current implementation of the sellProfits function, the return value of exactInputSingle is assigned to the same variable amount, which may lead to confusion and potential bugs.
Vulnerability Details
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L26C1-L42C54
swapRouter.exactInputSingle(params) is called to perform the token swap. The exactInputSingle function is designed to return the actual amount of the output token (WETH in this case) received after the swap.
However, the return value from exactInputSingle is assigned back to the variable amount, which was previously used to store the input amount of _profits tokens before the swap:
Impact
By reusing the same variable, the contract overwrites the input amount with the output amount, potentially causing confusion or issues in subsequent code execution.
Tools Used
Manual Review
Recommendations
Using a separate variable, such as outputAmount, to store the return value of the exactInputSingle function makes the code easier to read and understand, as it clearly differentiates between the input and output amounts involved in the swap.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.