_joinTokenSingle can easily fail
#194
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
Comments
code423n4
added
1 (Low Risk)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
cmichel
Vulnerability details
The
SingleTokenJoin._joinTokenSingletrades a single input token with a predetermined input amount to all basket tokens (according to the individual token weights in the basket).The basket share output amount is defined as a parameter, as well as the input amount, however, these two values are independent.
It can easily happen that the input amount that needs to be traded to reach the specified basket share output amount is too low as the price of any token on the DEX has changed since the transaction was submitted.
Recommended Mitigation Steps
Don't specify the input amount at all, work backwards from the desired shares output amount to the token amounts, from these token amounts to the sum of the intermediate token, from this intermediate token to the initial input token amount.
This can be done using the Uniswap
getAmountsIn.The text was updated successfully, but these errors were encountered: