Code4rena (code423n4): CODE423N4:2022-04-BADGER-CITADEL-FINDINGS-ISSUES-173
History: Apr 20, 2022 - 12:00 a.m.

deposit()ing when there is no discount results in zero xCitadel bought

2022-04-20 00:00:00
Code4rena
github.com
Lines of code

Vulnerability details

The amount of citadel bought when there is no discount is always zero. If the user doesn’t specify, or specifies zero as the _minCitadelOut, then the user will get no xCitadel and will still have to pay the full price.

Proof of Concept

If funding.discount is equal to zero, citadelAmount_ will remain at the uninitialized value of zero rather than the correct value of citadelAmountWithoutDiscount.

File: src/Funding.sol (lines 202-216)

    function getAmountOut(uint256 _assetAmountIn)
        public
        view
        returns (uint256 citadelAmount_)
    {
        uint256 citadelAmountWithoutDiscount = _assetAmountIn * citadelPriceInAsset;

        if (funding.discount > 0) {
            citadelAmount_ =
                (citadelAmountWithoutDiscount * MAX_BPS) /
                (MAX_BPS - funding.discount);
        }

        citadelAmount_ = citadelAmount_ / assetDecimalsNormalizationValue;
    }

Tools Used

Code inspection

Recommended Mitigation Steps

Initialize citadelAmount_ to citadelAmountWithoutDiscount.
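
The reported logic next to the recommended initialization, as an added example that is not the project's own code. It is a stripped-down model of the pricing math: the contract name, constructor, setDiscount, selfCheck and the value MAX_BPS = 10_000 are assumptions for illustration, and discount stands in for funding.discount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (not project code): minimal model of the pricing math in
/// src/Funding.sol. MAX_BPS = 10_000, the constructor, setDiscount and
/// selfCheck are assumptions made for illustration.
contract FundingPricingModel {
    uint256 public constant MAX_BPS = 10_000; // assumed value
    uint256 public immutable citadelPriceInAsset;
    uint256 public immutable assetDecimalsNormalizationValue;
    uint256 public discount; // stands in for funding.discount

    constructor(uint256 price_, uint256 normalization_) {
        require(normalization_ > 0, "normalization is zero");
        citadelPriceInAsset = price_;
        assetDecimalsNormalizationValue = normalization_;
    }

    function setDiscount(uint256 discount_) external {
        require(discount_ < MAX_BPS, "discount must be below MAX_BPS");
        discount = discount_;
    }

    // Reported logic: the named return value is only assigned inside the
    // branch, so with discount == 0 it keeps its default of zero.
    function getAmountOutReported(uint256 _assetAmountIn) public view returns (uint256 citadelAmount_) {
        uint256 citadelAmountWithoutDiscount = _assetAmountIn * citadelPriceInAsset;
        if (discount > 0) {
            citadelAmount_ = (citadelAmountWithoutDiscount * MAX_BPS) / (MAX_BPS - discount);
        }
        citadelAmount_ = citadelAmount_ / assetDecimalsNormalizationValue;
    }

    // Mitigated logic: start from the undiscounted amount, then adjust.
    function getAmountOutFixed(uint256 _assetAmountIn) public view returns (uint256 citadelAmount_) {
        citadelAmount_ = _assetAmountIn * citadelPriceInAsset;
        if (discount > 0) {
            citadelAmount_ = (citadelAmount_ * MAX_BPS) / (MAX_BPS - discount);
        }
        citadelAmount_ = citadelAmount_ / assetDecimalsNormalizationValue;
    }

    // Regression check for the zero-discount path; reverts if either claim fails.
    function selfCheck(uint256 _assetAmountIn) external view returns (bool) {
        require(discount == 0, "check targets the zero-discount path");
        assert(getAmountOutReported(_assetAmountIn) == 0);
        assert(getAmountOutFixed(_assetAmountIn) == (_assetAmountIn * citadelPriceInAsset) / assetDecimalsNormalizationValue);
        return true;
    }
}
```

When the discount is non-zero both functions return the same amount, so a test suite that only exercises discounted purchases would not catch the difference.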

