DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Submission Details
Severity: low
Invalid

Require used twice with same condition in `ConvertFacet:convert`

Summary

In the ConvertFacet:convert require statement is used twice with the same check. I think one condition is for toAmount in here.

Vulnerability Details

Check the require statement in the code below

function convert(bytes calldata convertData, int96[] memory stems, uint256[] memory amounts)
external
payable
nonReentrant
returns (int96 toStem, uint256 fromAmount, uint256 toAmount, uint256 fromBdv, uint256 toBdv)
{
address toToken;
address fromToken;
uint256 grownStalk;
(toToken, fromToken, toAmount, fromAmount) = LibConvert.convert(convertData);
require(fromAmount > 0, "Convert: From amount is 0.");
require(fromAmount > 0, "Convert: From amount is 0."); //@dev why the same require statment used twice
LibSilo._mow(msg.sender, fromToken);
LibSilo._mow(msg.sender, toToken);
(grownStalk, fromBdv) = _withdrawTokens(fromToken, stems, amounts, fromAmount);
// calculate the bdv of the new deposit
uint256 newBdv = LibTokenSilo.beanDenominatedValue(toToken, toAmount);
toBdv = newBdv > fromBdv ? newBdv : fromBdv;
toStem = _depositTokensForConvert(toToken, toAmount, toBdv, grownStalk);
emit Convert(msg.sender, fromToken, toToken, fromAmount, toAmount);
}

Impact

Its not checking toAmount but checking fromAmount twice which is not good

Tools Used

Manual Review

Recommendations

Either remove one require or replace fromAmount with toAmount.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
Assigned finding tags:

Informational/Invalid

Convert validation

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.