Submission Details
Severity:
QA: `ConstantProduct2::calcRate()` - it's not obvious to all users/callers that `i` & `j` represent a specific sequence.
QA:
ConstantProduct2::calcRate()- it's not obvious to all users/callers thati&jrepresent a specific sequence.
It's important to make it clear that they represent not only a specific sequence, but represent two tokens to be swapped. Reserve token i being swapped for reserve token j, i.e. to calc their exchange rate before a swap.
Risk: It's easy enough to make the mistake to calculate exchage rate for a swap from i to j, but then swap from j to i, or vice versa.
function calcRate(
uint256[] calldata reserves,
uint256 i,
uint256 j,
bytes calldata
) external pure returns (uint256 rate) {
return reserves[i] * CALC_RATE_PRECISION / reserves[j];
}
Recommendation:
+ /// With a recommended natspec comment here to explain i & j clearly
function calcRate(
uint256[] calldata reserves,
- uint256 i,
+ uint256 i_Sell,
- uint256 j,
+ uint256 j_Buy,
bytes calldata
) external pure returns (uint256 rate) {
- return reserves[i] * CALC_RATE_PRECISION / reserves[j];
+ return reserves[i_Sell] * CALC_RATE_PRECISION / reserves[j_Buy];
}
Updates
Lead Judging Commences
giovannidisiena about 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Informational/Invalid
Prize pool breakdown
Total prize
12,000 USDC
nSLOC
47925 USDC / LOC
10,000 USDC
1,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.