Platform: Code4rena
Start Date: 07/04/2023
Pot Size: $47,000 USDC
Total HM: 20
Participants: 120
Period: 6 days
Judge: GalloDaSballo
Total Solo HM: 4
Id: 230
League: ETH
Rank: 68/120
Findings: 1
Award: $34.04
🌟 Selected for report: 0
🚀 Solo Findings: 0
34.044 USDC - $34.04
https://github.com/code-423n4/2023-04-caviar/blob/main/src/EthRouter.sol#L273-L281
EthRouter.change() is always failed during batch changing unless 'Factory.protocolFeeRate()' is 0 and every changeFee of PrivatePool is 0 except the last one.
Suppose Alice wants to change token(s) of two different nfts in two different PrivatePools. The changeFee of first PrivatePool is not 0.
The initial balance of EthRouter is 0 ether.
EthRouter will call PrivatePool(changes[0].pool).change{value: msg.value}() then PrivatePool(changes[1].pool).change{value: msg.value}().
Since PrivatePool(changes[1].pool) will keep some ether as changeFee and protocolFeeAmount, the ether balance of EthRouter will be less than msg.value, there is no enough ether for next change: PrivatePool(changes[0].pool).change{value: msg.value}() and the whole transaction will be reverted.
None
Change msg.value to address(this).balance to ensure the ether value sent to next call PrivatePool.change() is no more than the ether balance of EthRouter.
#0 - c4-pre-sort
2023-04-20T16:55:20Z
0xSorryNotSorry marked the issue as duplicate of #873
#1 - c4-judge
2023-05-01T07:12:03Z
GalloDaSballo marked the issue as satisfactory