Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Mismatch in NatSpec Documentation for `getDepositAmount` Function in `OfferLibraries` Library

n3smaro

Summary

The NatSpec documentation for the getDepositAmount function in the OfferLibraries library contains inaccuracies related to the parameters and their descriptions. These discrepancies can lead to confusion about the function's behavior, particularly regarding the role of the _isMaker parameter in bid and ask offers.

Vulnerability Details

The getDepositAmount function’s NatSpec documentation is inconsistent with the actual function logic.

/**

* @dev Get deposit amount

* @dev if create ask offer, return _amount * _collateralRate;

* @dev if create bid offer, return _amount;

* @dev if create ask order, return _amount;

* @dev if create bid order, return _amount * _collateralRate;

* @param _offerType offer type

* @param _collateralRate collateral rate

* @param _amount amount

* @param _isMaker is maker, true if create offer, false if create offer

* @param _rounding rounding

function getDepositAmount(

OfferType _offerType,

uint256 _collateralRate,

uint256 _amount,

bool _isMaker,

Math.Rounding _rounding

) internal pure returns (uint256) {

/// @dev bid offer

if (_offerType == OfferType.Bid && _isMaker) {

return _amount;

}

/// @dev ask order

if (_offerType == OfferType.Ask && !_isMaker) {

return _amount;

}

return

Math.mulDiv(

_amount,

_collateralRate,

Constants.COLLATERAL_RATE_DECIMAL_SCALER,

_rounding

);

}

Documentation Errors: The NatSpec comments indicate:
- if create ask offer, return _amount * _collateralRate
- if create bid offer, return _amount
- if create ask order, return _amount
- if create bid order, return _amount * _collateralRate
  However, the function’s behavior is as follows:
  - For Bid offers, if _isMaker is true, it returns _amount.
  - For Ask orders, if _isMaker is false, it returns _amount.
  - In other cases, it calculates and returns _amount * _collateralRate.
Misleading Documentation: The documentation inaccurately describes _isMaker as related to whether the entity is creating an offer or an order, while it actually determines whether the function is processing a "maker" offer (true) or a "taker" offer (false).

Impact

Inaccurate documentation can mislead developers about how the function calculates deposit amounts, potentially leading to errors in understanding and implementing deposit logic. This can affect how deposits are handled for bid and ask offers, causing incorrect calculations or unintended behaviors.

Tools Used

Manual Code Review

Recommendations

Consider updating the NatSpec documentation to accurately reflect the function's behavior.

Updates

Lead Judging Commences

0xnevi Lead Judge

12 months ago

0xnevi Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.