https://github.com/code-423n4/2022-03-lifinance/blob/main/docs/GenericSwapFacet.md stated that _lifiData is strictly for analytics purposes. But _lifiData is used to set receivingAsset.
In GenericSwapFacet.swapTokensGeneric, _lifiData.receivingAssetId is used in LibAsset.getOwnBalance and LibAsset.transferAsset.
<https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/GenericSwapFacet.sol#L22>
function swapTokensGeneric(LiFiData memory _lifiData, LibSwap.SwapData[] calldata _swapData) public payable {
uint256 receivingAssetIdBalance = LibAsset.getOwnBalance(_lifiData.receivingAssetId);
// Swap
_executeSwaps(_lifiData, _swapData);
uint256 postSwapBalance = LibAsset.getOwnBalance(_lifiData.receivingAssetId) - receivingAssetIdBalance;
LibAsset.transferAsset(_lifiData.receivingAssetId, payable(msg.sender), postSwapBalance);
...
}
Manual code review.
In order to follow the policy, there should be a new parameter GenericSwapData.
function swapTokensGeneric(LiFiData memory _lifiData, LibSwap.SwapData[] calldata _swapData, GenericSwapData _genericSwapData) public payable {
uint256 receivingAssetIdBalance = LibAsset.getOwnBalance(_genericSwapData.receivingAssetId);
// Swap
_executeSwaps(_lifiData, _swapData);
uint256 postSwapBalance = LibAsset.getOwnBalance(_genericSwapData.receivingAssetId) - receivingAssetIdBalance;
LibAsset.transferAsset(_genericSwapData.receivingAssetId, payable(msg.sender), postSwapBalance);
...
}
The text was updated successfully, but these errors were encountered:
All reactions