Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing update current tick when we call set_sqrt_price_F_F_4_D_B_98_C() #30

Open
c4-bot-8 opened this issue Aug 30, 2024 · 0 comments
Open

Missing update current tick when we call set_sqrt_price_F_F_4_D_B_98_C() #30

c4-bot-8 opened this issue Aug 30, 2024 · 0 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sufficient quality report This report is of sufficient quality

Comments

@c4-bot-8
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/lib.rs#L1078-L1092

Vulnerability details

Impact

When we update the sqrt price via set_sqrt_price_F_F_4_D_B_98_C(), the pool's cur tick is not updated timely. This will cause that cur_tick is incorrect. Calculations based on cur_tick will be wrong.

Proof of Concept

In lib.rs, if one pool is misconfigured at the beginning of the pool's life, we can update the pool's sqrt price via function set_sqrt_price_F_F_4_D_B_98_C().
The problem is that the pool's cur tick is calculated based on the sqrt price. We only update the sqrt price, missing update the cur_tick.

For example:

  • Init this pool with one incorrect sqrt price, cur_tick will be calculated based on the incorrect sqrt price.
  • Then we update sqrt price via function set_sqrt_price_F_F_4_D_B_98_C.
    But the cur_tick is still incorrect.
    pub fn set_sqrt_price_F_F_4_D_B_98_C(
        &mut self,
        pool: Address,
        new_price: U256,
    ) -> Result<(), Revert> {
        assert_eq_or!(
            msg::sender(),
            self.seawater_admin.get(),
            Error::SeawaterAdminOnly
        );
        // @audit if we set the sqrt price incorrectly, and we want to set the price correctly, we should update the cur_tick together.
        self.pools.setter(pool).set_sqrt_price(new_price);

        Ok(())
    }

Tools Used

Manual

Recommended Mitigation Steps

Update the related cur_tick when we update the sqrt price.

Assessed type

Context
@c4-bot-8 c4-bot-8 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Aug 30, 2024
c4-bot-8 added a commit that referenced this issue Aug 30, 2024
@c4-bot-8
zhaojohnson issue #30
8af8334
howlbot-integration bot added a commit that referenced this issue Sep 16, 2024
@howlbot-integration
zhaojohnson update issue #30
ada7690
@howlbot-integration howlbot-integration bot added the sufficient quality report This report is of sufficient quality label Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@c4-bot-8