Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CL][bug]: Can trigger panic/chain halt due to incorrect bound check #5556

Closed
AlpinYukseloglu opened this issue Jun 18, 2023 · 0 comments · Fixed by #5557
Closed

[CL][bug]: Can trigger panic/chain halt due to incorrect bound check #5556

AlpinYukseloglu opened this issue Jun 18, 2023 · 0 comments · Fixed by #5557
Labels
F: concentrated-liquidity Tracking the development of concentrated liquidity feature to improve filtering on the project board

Comments

@AlpinYukseloglu
Copy link
Contributor

AlpinYukseloglu commented Jun 18, 2023

Background

The bound check below is incorrect and allows for the case where curSqrtPrice = upperSqrtPrice to be routed into Liquidity1, triggering a division by zero. It is trivial to get any pool to this state, including ones that protorev/txfees swap against in beginblock, allowing this issue to be easily escalated to a chain halt.

} else if sqrtPrice.LTE(sqrtPriceB) {

Suggested Design

  • Change the linked bound check to be strictly less than

Acceptance Criteria

  • A test case demonstrating the panic should pass
  • All existing tests should pass
@AlpinYukseloglu AlpinYukseloglu added the F: concentrated-liquidity Tracking the development of concentrated liquidity feature to improve filtering on the project board label Jun 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
F: concentrated-liquidity Tracking the development of concentrated liquidity feature to improve filtering on the project board
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant