Dopex - mrudenko's results

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L287

Vulnerability details

Impact

The lpTokenBalance state variable in the UniV2LiquidityAmo contract may become inconsistent with the actual LP token balance of the contract. This can occur if users add or remove liquidity directly through the Uniswap pool without using the contract's functions. Such inconsistency can lead to inaccurate calculations and unexpected contract behavior.

Proof of Concept

In the provided code section, the lpTokenBalance is updated based on the contract's interactions. However, if a user interacts directly with the Uniswap pool, this balance won't reflect the actual state.

function addLiquidity(uint amountA, uint amountB) external onlyOwner {
    // ... existing code ...

    // Call the sync function to ensure lpTokenBalance is consistent
    sync();
    
    // ... rest of the function ...
}

By adding the sync function call within the addLiquidity function (and similarly in other functions that change liquidity), we ensure that the lpTokenBalance state variable remains consistent with the actual LP token balance of the contract.

Tools Used

Manual review

Recommended Mitigation Steps

Integrate the sync function call within all functions that change the liquidity to ensure the lpTokenBalance state variable remains consistent.

Assessed type

Context