Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Albort - Inconsistent Reserve Checks for Fee Deduction #77

Open
sherlock-admin4 opened this issue Sep 24, 2024 · 1 comment
Open

Albort - Inconsistent Reserve Checks for Fee Deduction #77

sherlock-admin4 opened this issue Sep 24, 2024 · 1 comment
Labels
Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Sep 24, 2024
edited
Loading

Albort

Medium

Inconsistent Reserve Checks for Fee Deduction

Summary

The reserve checks for the swap fee are only performed when woopool_from.token_mint != woopool_from.quote_token_mint.

Vulnerability Detail

  • When swapping from a base token to the quote token, the fee is deducted from the quote amount, and the protocol needs to ensure that the quote pool has enough reserve to cover the fee.
  • However, when swapping from the quote token to a base token, the fee is also deducted from the quote amount, but the reserve check is not performed in this case.
    This inconsistency could lead to situations where the protocol cannot cover the fee from its reserves.

Impact

Code Snippet

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/query.rs#L118

Tool used

Manual Review

Recommendation

Perform the reserve check for the swap fee regardless of the token being swapped from or to.
@toprince
Copy link

Not valid.
Same with previous one.
swap_fee is x% of from amount, and already checked that

@sherlock-admin3 sherlock-admin3 added Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed labels Oct 13, 2024
@sherlock-admin4 sherlock-admin4 changed the title Zesty Sage Tapir - Inconsistent Reserve Checks for Fee Deduction Albort - Inconsistent Reserve Checks for Fee Deduction Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Sponsor Disputed The sponsor disputed this issue's validity Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@toprince @sherlock-admin3 @sherlock-admin4