Critical Findings

burn_from_bins_internal is subjected to DoS as we reset global liquidity when one bins liquidity goes to zero

Severity: Critical

Ecosystem: Sui

Protocol: Magma DEX

Auditor: Three Sigma

Report: https://cdn.sanity.io/files/qoqld077/staging/9566473c444a6cfd99c7a6556fa4857950b41de3.pdf

Report Date: July 2025

Description:

When burning liquidity we call burn_from_bins_internal. and we reset the global liquidity parameter to zero in case the reserve for the bins goes to zero or the supply of that bin goes to zero. Resetting liquidity at this case is not needed, it is actually incorrect, as this variable indicates the total liquidity in all bins. so falling one bin to zero does not mean the global liquidity goes to zero. And the problem is not just incorrect view function. In case this occur and another LP wanted to burn frmo his position from another bin, and the bin still has liquidity we will go to the else block which will do self.liquidity - liquidity_delta so it will endup in underflow error, reverting the tx and preventing the burning. Even the first check enforces the liquidity difference to be too small. so most of further burning process will end up at else block results in underflow and reverting the tx.

Move Vulnerability Database

Critical Findings

burn_from_bins_internal is subjected to DoS as we reset global liquidity when one bins liquidity goes to zero