bin2chen
medium
In BufferBinaryPool#_withdraw(), the amount actually transferred is "tokenXAmountToWithdraw", so this is the variable that should be checked against the available balance. The current code checks "tokenXAmount" instead.
    function _withdraw(uint256 tokenXAmount, address account)
        internal
        returns (uint256 burn)
    {
        require(
            tokenXAmount <= availableBalance(),
            "Pool: Not enough funds on the pool contract. Please lower the amount."
        ); // audit: the check uses tokenXAmount
        ...
        uint256 tokenXAmountToWithdraw = maxUserTokenXWithdrawal < tokenXAmount
            ? maxUserTokenXWithdrawal
            : tokenXAmount;
        ...
        bool success = tokenX.transfer(account, tokenXAmountToWithdraw); // audit: but the transfer uses tokenXAmountToWithdraw
        require(success, "Pool: The Withdrawal didn't go through");
In special cases, the check restricts withdrawals that should be allowed.
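The special case can be reproduced with a small Python model (an added example, not code from the report or from BufferBinaryPool). The formulas behind availableBalance() and maxUserTokenXWithdrawal are elided on the page, so the model assumes available = pool balance minus locked funds and a pro-rata cap per account; PoolModel, outcome and all numbers are constructed.

```python
# Added model, not BufferBinaryPool code. Assumptions (elided on the page):
#   availableBalance()      = pool tokenX balance minus locked liquidity
#   maxUserTokenXWithdrawal = the account's pro-rata share of the pool balance

class Revert(Exception):
    """Stands in for a failed Solidity require()."""

class PoolModel:
    def __init__(self, total_balance, locked, shares):
        self.total_balance = total_balance  # tokenX held by the pool
        self.locked = locked                # assumed: reserved, not withdrawable
        self.shares = dict(shares)          # account -> pool share tokens

    def available_balance(self):
        return self.total_balance - self.locked

    def max_user_withdrawal(self, account):
        return self.shares[account] * self.total_balance // sum(self.shares.values())

    def withdraw(self, amount, account, check_capped):
        """check_capped=False mirrors the reported code, True the recommended fix."""
        if not check_capped and amount > self.available_balance():
            raise Revert("Pool: Not enough funds on the pool contract.")
        to_withdraw = min(self.max_user_withdrawal(account), amount)
        if check_capped and to_withdraw > self.available_balance():
            raise Revert("Pool: Not enough funds on the pool contract.")
        self.total_balance -= to_withdraw   # amount transferred (share burn omitted)
        return to_withdraw

def outcome(amount, account, check_capped):
    # Constructed state: 1000 tokenX in the pool, 700 locked, so 300 available.
    pool = PoolModel(1000, 700, {"alice": 200, "bob": 800})
    try:
        return pool.withdraw(amount, account, check_capped)
    except Revert:
        return "revert"

if __name__ == "__main__":
    # alice's cap is 200; bob's cap is 800, above the 300 available.
    for amount, account in [(500, "alice"), (100, "alice"), (900, "bob")]:
        print(account, amount,
              "reported:", outcome(amount, account, False),
              "fixed:", outcome(amount, account, True))
```

Only the first case differs: alice's request for 500 is capped to 200, which the pool can pay, yet the reported check rejects it because 500 exceeds the 300 available.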
Manual Review
function _withdraw(uint256 tokenXAmount, address account)
internal
returns (uint256 burn)
{
- require(
- tokenXAmount <= availableBalance(),
- "Pool: Not enough funds on the pool contract. Please lower the amount."
- );
uint256 totalSupply = totalSupply();
uint256 balance = totalTokenXBalance();
...
uint256 tokenXAmountToWithdraw = maxUserTokenXWithdrawal < tokenXAmount
? maxUserTokenXWithdrawal
: tokenXAmount;
+ require(
+ tokenXAmountToWithdraw <= availableBalance(),
+ "Pool: Not enough funds on the pool contract. Please lower the amount."
+ );
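Review bot: the relocated require on tokenXAmountToWithdraw (the added lines at the end of the hunk) carries no comment saying why the capped amount, rather than the caller's tokenXAmount, is compared with availableBalance(), so a later cleanup could move the check back to the top of the function. Add a one-line comment at that require, and a test where tokenXAmount > availableBalance() but maxUserTokenXWithdrawal <= availableBalance(), which the removed check rejected and the new one should accept. Because maxUserTokenXWithdrawal is computed in the elided "..." region, also confirm that nothing in that region relied on the removed early check having already run.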