Code4rena CODE423N4:2023-08-SHELL-FINDINGS-ISSUES-165
Aug 28, 2023 - 12:00 a.m.

Liquidity concentration rate is reduced by the use of timestamp instead of block number

2023-08-28 00:00:00
Code4rena
github.com

Lines of code
<https://github.com/code-423n4/2023-08-shell/blob/main/src/proteus/EvolvingProteus.sol#L81>

Vulnerability details

Impact

  • Liquidity concentration rate is reduced by the use of timestamp instead of block number

Proof of Concept

The documentation states: "This primitive can passively update liquidity concentration over time. You can think of it like a hybrid between a Balancer liquidity bootstrapping pool and Uniswap v3. The pool creator picks a starting liquidity concentration and an ending liquidity concentration. The creator also sets a starting timestamp and an ending timestamp during which liquidity concentration evolves. Every block, the primitive will update its concentration."

Hence, the liquidity concentration will be updated every block. However, the library LibConfig uses the timestamp in all of its calculations:

    // Seconds since the pool's start time
    function elapsed(Config storage self) public view returns (uint256) {
        return block.timestamp - self.t_init;
    }
    // Fraction of the configured duration that has elapsed (64.64 fixed point)
    function t(Config storage self) public view returns (int128) {
        return elapsed(self).divu(duration(self));
    }
    // Linear interpolation from px_init to px_final, held at px_final once t exceeds 1
    function p_min(Config storage self) public view returns (int128) {
        if (t(self) > ABDK_ONE) return self.px_final;
        else return self.px_init.mul(ABDK_ONE.sub(t(self))).add(self.px_final.mul(t(self)));
    }
    // Linear interpolation from py_init to py_final, held at py_final once t exceeds 1
    function p_max(Config storage self) public view returns (int128) {
        if (t(self) > ABDK_ONE) return self.py_final;
        else return self.py_init.mul(ABDK_ONE.sub(t(self))).add(self.py_final.mul(t(self)));
    }

The functions t, elapsed, p_min and p_max are calculated using the timestamp, and they are used for computation in deposit, swap and withdraw.

According to the chart at <https://arbiscan.io/chart/tx>, the average number of blocks per second is 3 ~ 4. Therefore, the liquidity concentration rate will be slowed 3 -> 4 times, and its change will not be reflected every block as described in the documentation.

Tools Used

Manual review

Recommended Mitigation Steps

I suggest using blocks as the unit in duration calculations.

Assessed type

Library
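
The following added example (not part of the report or of the Shell code base) models the `p_min` interpolation quoted above in Python and lists which blocks observe a changed value when the clock is `block.timestamp` versus `block.number`. The block list, prices, durations and the `changed_blocks` helper are constructed for illustration, and the arithmetic assumes the ABDK 64.64 fixed-point semantics implied by `ABDK_ONE`, `divu` and `mul`.

```python
# Python model (added example) of LibConfig's 64.64 fixed-point interpolation.
ABDK_ONE = 1 << 64  # 1.0 in signed 64.64 fixed point


def divu(x: int, y: int) -> int:
    """x / y for unsigned integers, result in 64.64 (rounds toward zero)."""
    return (x << 64) // y


def mul(a: int, b: int) -> int:
    """Product of two 64.64 values, rounded down."""
    return (a * b) >> 64


def p_min(now: int, t_init: int, duration: int, px_init: int, px_final: int) -> int:
    """Mirror of p_min on the page; `now` is whichever clock the config uses."""
    t = divu(now - t_init, duration)
    if t > ABDK_ONE:
        return px_final
    return mul(px_init, ABDK_ONE - t) + mul(px_final, t)


def changed_blocks(blocks, clock, t_init, duration, px_init, px_final):
    """Block numbers whose p_min differs from the previous block's value."""
    changed, prev = [], None
    for number, timestamp in blocks:
        now = timestamp if clock == "timestamp" else number
        value = p_min(now, t_init, duration, px_init, px_final)
        if prev is not None and value != prev:
            changed.append(number)
        prev = value
    return changed


# Constructed sample: 12 blocks, 4 per second (the report's upper figure).
BLOCKS = [(500 + i, 1_000 + i // 4) for i in range(12)]
PX_INIT, PX_FINAL = 2 * ABDK_ONE, ABDK_ONE  # constructed prices

# Timestamp clock: 100-second duration. Block clock: 400-block duration.
BY_TIMESTAMP = changed_blocks(BLOCKS, "timestamp", 1_000, 100, PX_INIT, PX_FINAL)
BY_BLOCK = changed_blocks(BLOCKS, "block", 500, 400, PX_INIT, PX_FINAL)

if __name__ == "__main__":
    print("changes with block.timestamp:", BY_TIMESTAMP)
    print("changes with block.number:  ", BY_BLOCK)
```
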

