You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The function function convert of GeneralConverter.sol calculates the number of tokens to be transferred by subtracting the balance after with the balance before.
However this only happens in the first 2 pieces of the code (e.g. swapping to or from tokenCRV).
When swapping between 2 of the underlying tokens this pattern isn't used.
Vulnerability details
The function function convert of GeneralConverter.sol calculates the number of tokens to be transferred by subtracting the balance after with the balance before.
However this only happens in the first 2 pieces of the code (e.g. swapping to or from tokenCRV).
When swapping between 2 of the underlying tokens this pattern isn't used.
Proof of concept
metavault/contracts/v3/converters/GeneralConverter.sol
Lines 154 to 155 in 014fd27
Recommended mitigation steps
Use the pattern to calculate the balance difference also when swapping between 2 of the underlying tokens.
The text was updated successfully, but these errors were encountered: