UniV2ClassDex.sol#uniClassSell() Tokens with fee on transfer are not fully supported #208
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2022-01-openleverage/blob/501e8f5c7ebaf1242572712626a77a3d65bdd3ad/openleverage-contracts/contracts/dex/bsc/UniV2ClassDex.sol#L31-L56
While uniClassBuy() correctly checks the actually received amount by comparing the receiver's balance before and after, uniClassSell() trusted the result given by getAmountOut(). As a result, uniClassSell() can produce an output amount less than minBuyAmount.
https://github.com/code-423n4/2022-01-openleverage/blob/501e8f5c7ebaf1242572712626a77a3d65bdd3ad/openleverage-contracts/contracts/dex/bsc/UniV2ClassDex.sol#L101-L102
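The gap described above, as an added Python model (not code from the OpenLeverage repository and not the sponsor's patch): the same sell is run once trusting the getAmountOut() quote and once measuring the receiver's balance delta. The FeeToken class, the 5% transfer fee, the reserves, the account names and the minimum of 9,800 are constructed assumptions.

```python
# Constructed model, not OpenLeverage code; integer math mirrors Uniswap V2's getAmountOut.

class FeeToken:
    """ERC-20-like token that keeps fee_bps of every transfer (hypothetical)."""
    def __init__(self, fee_bps=0):
        self.fee_bps = fee_bps
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        assert self.balance_of(src) >= amount, "insufficient balance"
        fee = amount * self.fee_bps // 10_000
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount - fee


def get_amount_out(amount_in, reserve_in, reserve_out):
    # Uniswap V2 constant-product quote with the 0.3% swap fee
    amount_in_with_fee = amount_in * 997
    return amount_in_with_fee * reserve_out // (reserve_in * 1000 + amount_in_with_fee)


def sell(sell_tok, buy_tok, payer, receiver, amount_in, min_buy, check_balance):
    pair = "pair"
    quoted = get_amount_out(amount_in, sell_tok.balance_of(pair), buy_tok.balance_of(pair))
    before = buy_tok.balance_of(receiver)
    sell_tok.transfer(payer, pair, amount_in)
    buy_tok.transfer(pair, receiver, quoted)  # pair pays out the quoted amount
    received = buy_tok.balance_of(receiver) - before
    # Trusting the quote versus measuring what actually arrived
    checked = received if check_balance else quoted
    if checked < min_buy:
        raise ValueError("buy amount less than min")
    return received


def scenario(check_balance):
    sell_tok, buy_tok = FeeToken(), FeeToken(fee_bps=500)  # 5% fee on the bought token
    sell_tok.balances = {"pair": 1_000_000, "trader": 10_000}
    buy_tok.balances = {"pair": 1_000_000}
    return sell(sell_tok, buy_tok, "trader", "receiver", 10_000, 9_800, check_balance)
```

With the quote trusted, the sell succeeds even though the receiver ends up below the minimum; with the balance-delta check, the same sell is rejected.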
Recommendation
Change to: