MorpheusAI

Foundry

22,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Discrepancy between the external function parameters and the internal variable names in `increaseLiquidityCurrentRange`

KeyKiril

Summary

In the external function signature, the parameter names are depositTokenAmountAdd_ and rewardTokenAmountAdd_, while in the internal part of the function, are used amountAdd0_ and amountAdd1_.

Vulnerability Details

function increaseLiquidityCurrentRange(

uint256 tokenId_,

uint256 depositTokenAmountAdd_,

uint256 rewardTokenAmountAdd_,

uint256 depositTokenAmountMin_,

uint256 rewardTokenAmountMin_

) external onlyOwner returns (uint128 liquidity_, uint256 amount0_, uint256 amount1_) {

uint256 amountAdd0_;

uint256 amountAdd1_;

uint256 amountMin0_;

uint256 amountMin1_;

(, , address token0_, , , , , , , , , ) = INonfungiblePositionManager(nonfungiblePositionManager).positions(

tokenId_

);

if (token0_ == params.tokenIn) {

amountAdd0_ = depositTokenAmountAdd_;

amountAdd1_ = rewardTokenAmountAdd_;

amountMin0_ = depositTokenAmountMin_;

amountMin1_ = rewardTokenAmountMin_;

} else {

amountAdd0_ = rewardTokenAmountAdd_;

amountAdd1_ = depositTokenAmountAdd_;

amountMin0_ = rewardTokenAmountMin_;

amountMin1_ = depositTokenAmountMin_;

}

In the if condition block, you correctly use depositTokenAmountAdd_ and rewardTokenAmountAdd_, but in the subsequent else block, you mistakenly use rewardTokenAmountAdd_ as amountAdd0_ and depositTokenAmountAdd_ as amountAdd1_.

Impact

The incorrect input values in the function may lead to a revert and making the function unusable.

Tools Used

Manual Review

Recommendations

You might want to update the internal variable names to match the external parameter names like this:

if (token0_ == params.tokenIn) {

amountAdd0_ = depositTokenAmountAdd_;

amountAdd1_ = rewardTokenAmountAdd_;

amountMin0_ = depositTokenAmountMin_;

amountMin1_ = rewardTokenAmountMin_;

} else {

amountAdd0_ = rewardTokenAmountAdd_;

amountAdd1_ = depositTokenAmountAdd_;

amountMin0_ = rewardTokenAmountMin_;

amountMin1_ = depositTokenAmountMin_;

}

This correction ensures that the internal variable names align with the corresponding external parameter names, resolving the discrepancy.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

22,500 USDC

nSLOC

1,054

21 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.