4 matches found
Upgraded Q -> 2 from #17 [1678363178694]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...
Value of totalProfit might be wrong because of wrong logic in function sellMalt()
Lines of code Vulnerability details Impact Contract SwingTraderManager has a totalProfit variable. It keeps track of total profit swing traders maded during sellMalt. However, the logic for accounting it is wrong so it will not have the correct value. As the results, it can affect other contracts...
sellMalt has a calculation error that can lead to excessive profits
Lines of code Vulnerability details Impact SwingTraderManager.sellMalt will call SwingTrader.sellMalt to sell the Malt purchased earlier and give the profit to profitDistributor to distribute. uint256 basis, = costBasis; if maxAmount totalMaltBalance maxAmount = totalMaltBalance;...
Slippage protection
Handle pauliax Vulnerability details Impact functions buyMalt and sellMalt, and removeLiquidity have no slippage protection and addLiquidity hardcodes it to 5%: 0, // amountOutMin Mempool snipers can profit from that by monitoring the chain and sandwiching these functions. Now it is left for the...