First Flight #18: T-Swap

Submission Details
Severity: medium
Invalid

`TSwapPool::deposit` must have verification if `maximumPoolTokensToDeposit` is different from zero and equal to or greater than `minimumLiquidityTokensToMint`

Summary

The function TSwapPool::deposit must have verification if the variable maximumPoolTokensToDeposit is different from zero and equal to or greater than minimumLiquidityTokensToMint.

Vulnerability Details

When TSwapPool::deposit is called, we don't have a verification if the maximumPoolTokensToDeposit variable is zero and equal to or greater than minimumLiquidityTokensToMint to have a valid parameter, as we can see below:

    function deposit(
        uint256 wethToDeposit,
        uint256 minimumLiquidityTokensToMint,
        uint256 maximumPoolTokensToDeposit,
        uint64 deadline
    )
        external
        revertIfZero(wethToDeposit)
        returns (uint256 liquidityTokensToMint)
    {
        ...

Impact

If the maximumPoolTokensToDeposit is zero or less than the minimumLiquidityTokensToMint, the deposit will be invalid.

Tools Used

Solidity and Foundry

Proof of Concept

Add the following PoC to test/unit/TSwapPool.t.sol:

    function testIfMaximumPoolTokensToDepositIsZeroOrLessThanMinimumLiquidityTokensToMint() public {
        vm.startPrank(liquidityProvider);
        uint256 wethToDeposit = 200e18;
        uint256 minimumLiquidityTokensToMint = 1;
        uint256 maximumPoolTokensToDeposit = 0;
        uint64 deadline = uint64(block.timestamp);
        weth.approve(address(pool), wethToDeposit);
        poolToken.approve(address(pool), wethToDeposit);

        // Case 1: maximumPoolTokensToDeposit is zero.
        vm.expectRevert(TSwapPool.TSwapPool__MustBeMoreThanZero.selector);
        pool.deposit(
            wethToDeposit, minimumLiquidityTokensToMint, maximumPoolTokensToDeposit, deadline
        );

        // Case 2: maximumPoolTokensToDeposit is less than minimumLiquidityTokensToMint.
        minimumLiquidityTokensToMint = 10;
        maximumPoolTokensToDeposit = 9;
        vm.expectRevert(
            TSwapPool.TSwapPool__MaximumPoolTokensToDepositMustBeEqualOrMoreThanMinimumLiquidityTokensToMint.selector
        );
        pool.deposit(
            wethToDeposit, minimumLiquidityTokensToMint, maximumPoolTokensToDeposit, deadline
        );
        vm.stopPrank();
    }

Recommendations

You need to add the custom error to src/TSwapPool.sol:

error TSwapPool__MustBeMoreThanZero();
+ error TSwapPool__MaximumPoolTokensToDepositMustBeEqualOrMoreThanMinimumLiquidityTokensToMint();
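
Review bot: The error added on the `+` line takes no arguments, so a caller who hits it cannot see which two amounts failed the comparison. The existing `TSwapPool__WethDepositAmountTooLow(MINIMUM_WETH_LIQUIDITY, wethToDeposit)` revert in the same contract reports both values; consider giving the new error the two amounts as parameters and a shorter name to match.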

And add the verification on TSwapPool::deposit:

function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertIfZero(wethToDeposit)
+ revertIfZero(maximumPoolTokensToDeposit)
returns (uint256 liquidityTokensToMint)
{
+ if(minimumLiquidityTokensToMint > maximumPoolTokensToDeposit) {
+ revert TSwapPool__MaximumPoolTokensToDepositMustBeEqualOrMoreThanMinimumLiquidityTokensToMint();
+ }
if (wethToDeposit < MINIMUM_WETH_LIQUIDITY) {
revert TSwapPool__WethDepositAmountTooLow(
MINIMUM_WETH_LIQUIDITY,
wethToDeposit
);
}
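
Review bot: The added `if(minimumLiquidityTokensToMint > maximumPoolTokensToDeposit)` check compares two amounts that are in different units: one is a number of liquidity tokens to mint, the other a number of pool tokens to deposit. Nothing in the lines shown establishes that the first may never exceed the second, so this revert can reject a deposit whose two bounds are each reasonable on their own. Either drop the comparison or document the invariant it relies on; if it stays, write `if (` with a space to match the `if (wethToDeposit < MINIMUM_WETH_LIQUIDITY)` line below it.
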
Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
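
The model below is an added example, not part of the submission and not T-Swap's code. It assumes a pool that pulls pool tokens and mints liquidity tokens in proportion to the WETH deposited, and runs the two checks from the Recommendations section against constructed reserves to show how they interact with the caller's two bounds. The names `Pool`, `quote`, `deposit`, `outcome` and the reason strings are hypothetical.

```python
from dataclasses import dataclass

E18 = 10**18


@dataclass(frozen=True)
class Pool:  # constructed reserves, all in 18-decimal base units
    weth: int
    pool_tokens: int
    lp_supply: int


class DepositRejected(Exception):
    pass


def quote(pool, weth_in):
    """Assumed proportional deposit: (pool tokens pulled, LP tokens minted)."""
    return (weth_in * pool.pool_tokens // pool.weth,
            weth_in * pool.lp_supply // pool.weth)


def deposit(pool, weth_in, min_lp, max_pool_tokens, proposed_check=False):
    if weth_in == 0:
        raise DepositRejected("MustBeMoreThanZero")
    if proposed_check:  # the two checks from the Recommendations section
        if max_pool_tokens == 0:
            raise DepositRejected("MustBeMoreThanZero")
        if min_lp > max_pool_tokens:
            raise DepositRejected("MaxPoolTokensBelowMinLiquidity")
    tokens_in, lp_out = quote(pool, weth_in)
    if tokens_in > max_pool_tokens:  # caller's cap on pool tokens spent
        raise DepositRejected("MaxPoolTokensExceeded")
    if lp_out < min_lp:              # caller's floor on LP tokens received
        raise DepositRejected("MinLiquidityNotMet")
    return lp_out


def outcome(*args, **kwargs):
    """Run deposit() and return ("minted", amount) or ("rejected", reason)."""
    try:
        return ("minted", deposit(*args, **kwargs))
    except DepositRejected as exc:
        return ("rejected", str(exc))


# Constructed state: 100 WETH, 10 pool tokens, 100 LP tokens outstanding.
POOL = Pool(weth=100 * E18, pool_tokens=10 * E18, lp_supply=100 * E18)
```

With these reserves a 10 WETH deposit needs 1 pool token and mints 10 liquidity tokens, so `min_lp=10 * E18, max_pool_tokens=1 * E18` are exact bounds: the model accepts them without the proposed check and rejects them with it. A zero `max_pool_tokens` is already rejected by the cap comparison whenever the deposit needs any pool tokens.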
