2 matches found
The MultiFlowPump.sol/update() function will neither update nor revert any call made to it by any Well Implementation, hence will fail in storing the correct reserve values.
Lines of code Vulnerability details Impact The MultiFlowPump will not be able to update the lastReserves, emaReserves, cumulativeReserves. This will let any attacker to manipulate the value of reserves to any number. Proof of Concept As provided the code of update function, the getDeltaTimestamp...
Burning does not update reserves
Handle cmichel Vulnerability details The ConcentratedLiquidityPool.burn function sends out amount0/amount1 tokens but only updates the reserves by decreasing it by the fees of these amounts. unchecked // @audit decreases by fees only, not by amount0/amount1 reserve0 -= uint128amount0fees; reserve...