3 matches found
_addLiquidity() function will revert in first call
Lines of code Vulnerability details Impact The first user cant calls the addLiquidity function because this function doesn't handle the first call. addLiquidity function is calculate lp amount by calling calcLPTokenUnderlying function. so this function has a division for lpTokenSupply. in this...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if totalLiquidityUnits == 0 liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
Pools can be created without initial liquidity
Handle cmichel Vulnerability details Vulnerability Details The protocol differentiates between public pool creations and private ones starting without liquidity. However, this is not effective as anyone can just flashloan the required initial pool liquidity, call PoolFactory.createPoolADD, receiv...