Omniscia Steer Protocol Audit
AlgebraSinglePositionLiquidityManager Manual Review Findings
ASP-01M: Inexistent Sanitization of Bin Configuration
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | AlgebraSinglePositionLiquidityManager.sol:L99, L101, L194-L200 |
Description:
The AlgebraSinglePositionLiquidityManager::tend function uses the totalWeight input argument to calculate the proportion of the contract's available balance to deposit to the Algebra pool; however, the proportion is not restricted to be at most 100% (1e4).
As such, it is possible for an AlgebraSinglePositionLiquidityManager::tend call to deposit more than the available balance of the contract, thereby depositing pending fees, which would cause all AlgebraBaseLiquidityManager::_getBalance0 and AlgebraBaseLiquidityManager::_getBalance1 function invocations to fail.
Impact:
It is possible for the vault to deposit more than its actual available balance as the weight of the AlgebraSinglePositionLiquidityManager::tend call is not sanitized.
Example:
```solidity
89   uint256 balance0 = _getBalance0();
90   uint256 balance1 = _getBalance1();
91
92   emit Snapshot(sqrtPriceX96, balance0, balance1, totalSupply());
93
94   // Create new positions in Uniswap
95   if (totalWeight > 0) {
96       _setBins(
97           sqrtPriceX96,
98           // balance0 adjusted by totalWeight
99           FullMath.mulDiv(balance0, totalWeight, 1e4),
100          // balance1 adjusted by totalWeight
101          FullMath.mulDiv(balance1, totalWeight, 1e4),
102          swapAmount
103      );
104  }
```
Recommendation:
We advise the code to ensure that the totalWeight is at most equal to 1e4; otherwise, underflow errors would occur in the AlgebraBaseLiquidityManager::_getBalance0 and AlgebraBaseLiquidityManager::_getBalance1 functions.
Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):
A require check was introduced ensuring that the totalWeight specified in an AlgebraSinglePositionLiquidityManager::tend call is at most 100_00, thus alleviating this exhibit.
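The unchecked weight scaling and the bounded variant side by side, as an added example that is not taken from the audit or from Steer's code base. The contract name, storage variables, revert string and the "holdings minus pending fees" shape of the balance getter are assumptions made for illustration, and plain checked arithmetic stands in for FullMath.mulDiv.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative model only: names, storage layout and the fee accounting
// are assumptions made for this example, not Steer's contract code.
contract WeightBoundSketch {
    uint256 internal constant TOTAL_WEIGHT_MAX = 1e4; // 100% in basis points

    uint256 public held0;        // token0 held by the vault (constructed state)
    uint256 public pendingFees0; // token0 owed as fees, not depositable

    constructor(uint256 _held0, uint256 _pendingFees0) {
        held0 = _held0;
        pendingFees0 = _pendingFees0;
    }

    // Assumed shape of _getBalance0: holdings minus pending fees.
    // Reverts with an arithmetic underflow once held0 < pendingFees0.
    function getBalance0() public view returns (uint256) {
        return held0 - pendingFees0;
    }

    // Mirrors the audited pattern: the weight scales the balance unchecked.
    function tendUnchecked(uint256 totalWeight) external {
        uint256 amount0 = (getBalance0() * totalWeight) / 1e4;
        // A weight above 1e4 makes amount0 exceed the available balance,
        // so the deposit draws on tokens reserved for pending fees.
        held0 -= amount0;
    }

    // Hardened variant: reject any weight above 100% before scaling.
    function tendChecked(uint256 totalWeight) external {
        require(totalWeight <= TOTAL_WEIGHT_MAX, "totalWeight > 100%");
        uint256 amount0 = (getBalance0() * totalWeight) / 1e4;
        held0 -= amount0;
    }
}
```

With the constructed values held0 = 1000 and pendingFees0 = 400, tendUnchecked(15000) deposits 900 against an available balance of 600, leaving held0 at 100, after which every getBalance0 call reverts. tendChecked(15000) reverts before any state changes.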
