Omniscia SaucerSwap Audit

Position Manual Review Findings

Position Manual Review Findings

PNO-01M: Incorrect Code Adaptation

Description:

The referenced code invoked a special LiquidityMath::addDelta function in the original implementation of the codebase.

The new iteration is not identical to the original; namely, it does not ensure that the subtracted value is non-zero (i.e. uint128(-liquidityDelta)) and can also lead to underflows if liquidityDelta is equal to type(int128).min.

Impact:

A liquidityNext that is equal to _self.liquidity can cause significant misbehaviours in the exchange system's accounting if taken advantage of.

Example:

contracts/libraries/Position.sol
57liquidityNext = liquidityDelta < 0
58 ? _self.liquidity - uint128(-liquidityDelta)
59 : _self.liquidity + uint128(liquidityDelta);

Recommendation:

We advise the code to imitate the original implementation, performing the liquidityDelta negation in an unchecked code block and evaluating that the subtraction will yield a value less than the _self.liquidity value.

Alleviation (3248d1d2fdfa6e1e270ff27db8eefb13dcb55c40):

The SaucerSwap team informed us that they specifically forked a specialized branch of the Uniswap V3 core repository and we validated that there were no changes performed in relation to the original.

As such, this exhibit is considered nullified.