4 matches found
Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function
Lines of code Vulnerability details Impact The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...
It is possible that, after swapping, extra input token amount is transferred from user to pool but pool does not give user output token amount that corresponds to the extra input token amount
Lines of code Vulnerability details Impact When calling the swap function below, the following swapCallback function is further called for calling the algebraSwapCallback function in the callee contract, which is msg.sender; such contract could be implemented by a third party especially for...
Output token shouldn't be pulled from the caller in the swap
Lines of code Vulnerability details Impact Output token shouldn't be pulled from the caller in the swap. Since the output token shouldn't be sent to the caller when performing a swap as it is the token that the user should be received, it will always revert if the amount of output token...
Wrong design of swap() results in unexpected and unfavorable outputs
Handle WatchPug Vulnerability details The current formula to calculate the amountOut for a swap is: function calculateSwap uint256 amountIn, uint256 reserveIn, uint256 reserveOut public pure returns uint256 amountOut // x Y X uint256 numerator = amountIn reserveIn reserveOut; // x + X ^ 2 uint256...