Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CL]: Attack vector repro to drain LP funds from any CL pool #5493

Closed
wants to merge 1 commit into from

Conversation

AlpinYukseloglu
Copy link
Contributor

@AlpinYukseloglu AlpinYukseloglu commented Jun 10, 2023

Closes: #XXX

What is the purpose of the change

This PR demonstrates an attack vector to drain LP funds from a pool.

Testing and Verifying

N/A

Documentation and Release Note

  • Does this pull request introduce a new feature or user-facing behavior changes?
  • Changelog entry added to Unreleased section of CHANGELOG.md?

Where is the change documented?

  • Specification (x/{module}/README.md)
  • Osmosis documentation site
  • Code comments?
  • N/A

@AlpinYukseloglu AlpinYukseloglu added V:state/compatible/no_backport State machine compatible PR, depends on prior breaks A:no-changelog labels Jun 10, 2023
Comment on lines +2534 to +2537
amt0FirstPos, amt1FirstPos, err := s.clk.WithdrawPosition(s.Ctx, firstPositionAddr, firstPosId, firstPosLiq)
s.Require().NoError(err)

fmt.Println("withdrawn amounts: ", amt0FirstPos, amt1FirstPos)
Copy link
Member

@ValarDragon ValarDragon Jun 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its 0, 8985893231, you'd want this to be XXX, (2 * 8985893232 - 10000)/2), hence it being a drain

@AlpinYukseloglu
Copy link
Contributor Author

Closing since this was fixed by #5541

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A:no-changelog C:x/concentrated-liquidity V:state/compatible/no_backport State machine compatible PR, depends on prior breaks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants