VaderMath:calculateSwapReverse require statement change to <= instead of < #61
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
VaderMath
Handle
GiveMeTestEther
Vulnerability details
The require statement checks y4 < reserveOut, but the derivation allows y4 <= reserveOut
Impact
https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/dex/math/VaderMath.sol#L131
https://github.com/code-423n4/2021-12-vader/blob/fd2787013608438beae361ce1bb6d9ffba466c45/contracts/dex/math/VaderMath.sol#L135
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: