Incorrect comparison in the _updatePosition
of ConcentratedLiquidityPool
#91
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
broccoli
Vulnerability details
Impact
The
_updatePosition
function ofConcentratedLiquidityPool
uses the<
operator to ensure a user's liquidity does not exceed the maximum. However, we should use the<=
operator instead.Proof of Concept
Referenced code:
ConcentratedLiquidityPool.sol#L549
Recommended Mitigation Steps
Change
<
to<=
in the referenced line of code.The text was updated successfully, but these errors were encountered: