Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-10-CANTO-FINDINGS-ISSUES-214
HistoryOct 06, 2023 - 12:00 a.m.

LiquidityMining.initTickTracking() called by MarketSequencer.initCurve() Check if the liquidity curve for the pool is already initialized.

2023-10-0600:00:00
Code4rena
github.com
5
vulnerability
reinitialization
marketsequencer
liquiditymining
initialization

7 High

AI Score

Confidence

Low

JSON

Lines of code

Vulnerability details

MarketSequencer.initCurve() can callLiquidityMining.initTickTracking() any number of times, because their is no restriction for reinitialization. As stated in the comment section, putting the caller in charge of not reinitializing can lead to an unintentional reinitialization of the liquidity curve for the pool. This can lead to over-writing tick state data.

Recommendation: Add a state variable that checks if the liquidity cure has been initialized or that tick tracking has been initialized.

Assessed type

Other

The text was updated successfully, but these errors were encountered:

All reactions

7 High

AI Score

Confidence

Low

JSON