search
Active Boosts

#44084 [SC-Insight] Incorrect Nat spec in `calcIBTsToTokenizeForCurvePool` and `calcIBTsToTokenizeForCurvePoolCustomProp`

Submitted on Apr 16th 2025 at 18:55:10 UTC by @MrMorningstar for Audit Comp | Spectra Financearrow-up-right

  • Report ID: #44084

  • Report Type: Smart Contract

  • Report severity: Insight

  • Target: https://github.com/immunefi-team/Spectra-Audit-Competition/blob/main/src/libraries/CurvePoolUtil.sol

  • Impacts:

hashtag
Description

hashtag
Brief/Intro

The natspec of calcIBTsToTokenizeForCurvePool and calcIBTsToTokenizeForCurvePoolCustomProp says the functions return the amount of IBT that will be deposited in curve pools:

   /**
     * @notice Return the amount of IBT to deposit in the curve pool, given the total amount of IBT available for deposit
     * @param _amount The total amount of IBT available for deposit
     * @param _curvePool The address of the pool to deposit the amounts
     * @param _pt The address of the PT
     * @return ibts The amount of IBT which will be deposited in the curve pool
     */
    function calcIBTsToTokenizeForCurvePool(
        uint256 _amount,
        address _curvePool,
        address _pt
    ) external view returns (uint256 ibts) {
        (uint256 ibtBalance, uint256 ptBalance) = _getCurvePoolBalances(_curvePool);
        uint256 ibtBalanceInPT = IPrincipalToken(_pt).previewDepositIBT(ibtBalance);
        // Liquidity added in a ratio that (closely) matches the existing pool's ratio
        ibts = _amount.mulDiv(ptBalance, ibtBalanceInPT + ptBalance);
    }

    /**
     * @notice Return the amount of IBT to deposit in the curve pool given the proportion in which we want to deposit, given the total amount of IBT available for deposit
     * @param _amount The total amount of IBT available for deposit
     * @param _prop The proportion in which we want to make the deposit: _prop = nIBT / (nIBT + nPT)
     * @param _pt The address of the PT
     * @return ibts The amount of IBT which will be deposited in the curve pool
     */
    function calcIBTsToTokenizeForCurvePoolCustomProp(
        uint256 _amount,
        uint256 _prop,
        address _pt
    ) external view returns (uint256 ibts) {
        uint256 rate = IPrincipalToken(_pt).previewDepositIBT(_amount).mulDiv(CURVE_UNIT, _amount);
        ibts = _amount.mulDiv(CURVE_UNIT, CURVE_UNIT + _prop.mulDiv(rate, CURVE_UNIT));
    }

However those functions calculate ibt amount that will be deposited in PT not in curve which is based on proportion of ibt and pt token balance on curve in calcIBTsToTokenizeForCurvePool or on custom proportion in calcIBTsToTokenizeForCurvePoolCustomProp which further more we can prove that in the following code snippet where those functions are used:

We can see in the code above that returned amounts is deposited in PrincipalToken actually (which later can be deposited on curve but not necessarily)

Therefore I believe the Nat spec is misinformative and could lead to incorrect expectations.

For those reasons I believe it should be changed.

hashtag
Recommendation

Rewrite function description to represent function accurately

hashtag
Proof of Concept

hashtag
Proof of Concept

PoC is not needed as this Insight falls under document and code improvements.

Previous#43195 [SC-Insight] `Dispatcher.sol` uses `initializer` modifier instead of `onlyInitializing`Next#43729 [SC-Low] Silent execution failure on `Dispatcher::_dispatch` due to unchecked return value on `Dispatcher:TRANSFER_NATIVE` operation

Was this helpful?