Platform: Code4rena
Start Date: 14/10/2022
Pot Size: $100,000 USDC
Total HM: 12
Participants: 75
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 1
Id: 171
League: ETH
Rank: 48/75
Findings: 1
Award: $0.97
🌟 Selected for report: 0
🚀 Solo Findings: 0
0.9728 USDC - $0.97
If the user doesnt send the exact amount of ether while calling the swapAVAXForExactTokens function, it will revert. Since its impossible to know what is the exact amount of ether needed for the function to work before hand, the user will never be able to swap AVAX.
Looking at the code of the swapAVAXForExactTokens function, we can see that if the msg.value < amountsIn[0], then the function will revert.
Otherwise if all other conditions pass, it will arrive at the last statement in the function:
if (msg.value > amountsIn[0]) _safeTransferAVAX(_to, amountsIn[0] - msg.value);
If the msg.value > amountsIn[0], then the condition passes and we call the _safeTransferAVAX function with two arguments. The second argument is amountsIn[0] - msg.value, which will ALWAYS revert due to underflow error, because we had made sure at this point that amountsIn[0] < msg.value.
VSCode, Manual review
Change the last statement in the function as follows:
if (msg.value > amountsIn[0]) _safeTransferAVAX(_to, msg.value - amountsIn[0]);
#0 - Shungy
2022-10-24T06:40:53Z
I think this finding to be valid.
Duplicate: https://github.com/code-423n4/2022-10-traderjoe-findings/issues/469
#1 - GalloDaSballo
2022-10-26T18:27:14Z
#2 - GalloDaSballo
2022-11-13T19:54:54Z
L
#3 - c4-judge
2022-11-13T19:55:00Z
GalloDaSballo changed the severity to QA (Quality Assurance)
#4 - Simon-Busch
2022-11-21T06:11:30Z
Reverted to M as requested by @GalloDaSballo
#5 - Simon-Busch
2022-12-05T06:43:34Z
Marked this issue as satisfactory as requested by @GalloDaSballo