Omniscia Xcaliswap Audit

Multiswap Manual Review Findings

MPA-01M: Improper Validation of Weights

Type	Severity	Location
Logical Fault		Multiswap.sol:L90

Description:

The _assertWeights function incorrectly evaluates the sum of the weights as it performs an equality of the iterator i with zero instead of the _weights[i] value.

Impact:

It currently is impossible to execute the multiswap function as it will always fail at the _assertWeights require check rendering the contract inoperable.

Example:

contracts/periphery/Multiswap.sol

84// ***** INTERNAL *****
85function _assertWeights(uint[] calldata _weights) internal pure returns (bool) {
86    uint totalWeight = 10000; // Basis points
87    uint weightSum = 0;
88    uint length = _weights.length;
89    for (uint i = 0; i < length; ++i) {
90        if (i == 0) return false;
91        weightSum += _weights[i];
92        
93    }
94    return weightSum == totalWeight;
95}

Recommendation:

We advise the comparison within the for loop to be corrected as otherwise the code will fail regardless of the input _weights configuration.

Alleviation:

The Xcaliswap team has fixed this issue by removing the if condition from the for loop.

Omniscia Xcaliswap Audit

Multiswap Manual Review Findings

Multiswap Manual Review Findings

MPA-01M: Improper Validation of Weights

Description:

Impact:

Example:

Recommendation:

Alleviation:

Minter.sol (MRE-M)

SwapPair.sol (SPR-M)

On this page