IndexPool: Poor conversion from Balancer V1's corresponding functions #40
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Warden finding
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
GreyArt
Vulnerability details
Impact
A number of functions suffer from the erroneous conversion of Balancer V1's implementation.
_compute()
(equivalent to Balancer's[bpow()](https://github.com/balancer-labs/balancer-core/blob/master/contracts/BNum.sol#L108-L126)
)if (remain == 0) output = wholePow;
when a return statement should be used instead._computeSingleOutGivenPoolIn()
(equivalent to Balancer's[_calcSingleOutGivenPoolIn()](https://github.com/balancer-labs/balancer-core/blob/master/contracts/BMath.sol#L195-L224)
)tokenOutRatio
should be calculated with_compute()
instead of_pow()
zaz
should be calculated with_mul()
instead of the native*
_pow()
(equivalent to Balancer's[bpowi()](https://github.com/balancer-labs/balancer-core/blob/master/contracts/BNum.sol#L89-L103)
){}
for the for loop causes a different interpretation_mul
should be used instead of the native*
Recommended Mitigation Steps
The fixed implementation is provided below.
The text was updated successfully, but these errors were encountered: