Hardcoded liquidity #107
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
insufficient quality report: This report is not of sufficient quality
primary issue: Highest quality submission among a set of duplicates
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-11-zetachain/blob/2834e3f85b2c7774e97413936018a0814c57d860/repos/protocol-contracts/contracts/evm/tools/ZetaTokenConsumerTrident.strategy.sol#L203
Vulnerability details
Hardcoded false Boolean with unimplemented business logic.
Impact
When other contracts interact with ZetaTokenConsumerTrident.strategy.sol and call hasZetaLiquidity, it will always return false regardless of whether there is liquidity in the pool. It provides falsified information to the user.
Tools Used
Manual Review
Recommended Mitigation Steps
Add business logic similar to other DEX contracts, which actually checks for liquidity and returns the correct boolean:
Assessed type
Context
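The pattern this report describes, shown beside a check that reads pool state, as an added example that is not part of the original submission or of the ZetaChain code base. The `IPairLookup` and `IPairReserves` interfaces, the contract name, and the `factory` and `wETH` parameters are hypothetical stand-ins, not the Trident or ZetaChain ABI.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Hypothetical minimal interfaces for illustration only (assumptions, not a real DEX ABI).
interface IPairLookup {
    function getPair(address tokenA, address tokenB) external view returns (address pair);
}

interface IPairReserves {
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
}

contract LiquidityCheckExample {
    address public immutable factory;   // assumed pair registry
    address public immutable wETH;      // assumed wrapped native token
    address public immutable zetaToken;

    constructor(address factory_, address wETH_, address zetaToken_) {
        // A call to an address without code reverts before try/catch can handle it,
        // so require the factory to be a deployed contract up front.
        require(factory_.code.length > 0, "factory has no code");
        require(wETH_ != address(0) && zetaToken_ != address(0), "zero address");
        factory = factory_;
        wETH = wETH_;
        zetaToken = zetaToken_;
    }

    // The reported pattern: every caller is told there is no liquidity.
    function hasZetaLiquidityStub() external pure returns (bool) {
        return false;
    }

    // Answer derived from on-chain state: a pair must exist and hold both tokens.
    function hasZetaLiquidity() external view returns (bool) {
        address pair;
        try IPairLookup(factory).getPair(wETH, zetaToken) returns (address p) {
            pair = p;
        } catch {
            return false; // lookup reverted: report "no liquidity" instead of bubbling up
        }
        if (pair == address(0) || pair.code.length == 0) return false; // no pool deployed
        try IPairReserves(pair).getReserves() returns (uint112 r0, uint112 r1, uint32) {
            return r0 > 0 && r1 > 0;
        } catch {
            return false;
        }
    }
}
```

Non-zero reserves only show that a pool exists and is funded; a caller that needs a specific trade size still has to quote the swap and enforce its own minimum output.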