Submission Details
Severity:
In `TSwapPool::_swap` function there is a use of literal & no event return after token transfer
Summary
function _swap(
IERC20 inputToken,
uint256 inputAmount,
IERC20 outputToken,
uint256 outputAmount
) private {
if (
_isUnknown(inputToken) ||
_isUnknown(outputToken) ||
inputToken == outputToken
) {
revert TSwapPool__InvalidToken();
}
swap_count++;
if (swap_count >= SWAP_COUNT_MAX) {
swap_count = 0;
-->> outputToken.safeTransfer(msg.sender, 1_000_000_000_000_000_000); // don't use literals
}
emit Swap(
msg.sender,
inputToken,
inputAmount,
outputToken,
outputAmount
);
inputToken.safeTransferFrom(msg.sender, address(this), inputAmount);
outputToken.safeTransfer(msg.sender, outputAmount);
-->> // should emit a event that tokens are transferred
}
Tools Used
Manual Review
Recommendations
Use constants in place of literals
Emit an event ater tokens are transferred
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.