Submission Details
Severity:
`TSwapPool:getInputAmountBasedOnOutput` function is doing wrong calculation which is taking more tokens as a fee from the user
Summary
TSwapPool:getInputAmountBasedOnOutputfunction is doing wrong calculation which is taking more tokens than expected from the user.
Vulnerability Details
TSwapPool:getInputAmountBasedOnOutputfunction is doing wrong calculation which is taking more tokens than expected from the user.
function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
returns (uint256 inputAmount)
{
return
@> ((inputReserves * outputAmount) * 10000) /
((outputReserves - outputAmount) * 997);
}
Impact
User giving more tokens than expected.
Tools Used
Manual review
Recommendations
update
getInputAmountBasedOnOutputfunction which taking more amount than the output amount.
function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
returns (uint256 inputAmount)
{
return
- ((inputReserves * outputAmount) * 10000) /
+ ((inputReserves * outputAmount) * 1000) /
((outputReserves - outputAmount) * 997);
}
Updates
Appeal created
inallhonesty 12 months ago
Submission Judgement Published Assigned finding tags:
Incorrect fee calculation in TSwapPool::getInputAmountBasedOnOutput causes protocol to take too many tokens from users, resulting in lost fees
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.