High Findings
Infinite Loop in handle_redeem
Severity: High
Ecosystem: Sui
Protocol: Bucket Protocol
Auditor: MoveBit
Report Date: July 2023
Description:
In the handle_redeem function, if the debt value is 0, the loop controlling the redemption process may not terminate as expected, leading to a potential infinite loop. This can cause transaction failures or denial-of-service conditions within the protocol.
Infinite Recursion in distribute_dex_fees() Leading to Transaction Failure
Severity: High
Ecosystem: Aptos
Protocol: Baptswap
Auditor: MoveBit
Report: https://movebit.xyz/reports/BAPTSWAP-Final-Audit-Report.pdf
Report Date: Dec 2023
Description:
The function swap_v2.distribute_dex_fees() calculates and distributes DEX fees based on the type of input X. In this function, the protocol calls swap_exact_x_to_y_direct() to exchange X for APT and then transfers the obtained APT to the treasury. However, swap_exact_x_to_y_direct() itself invokes distribute_dex_fees() again. The two functions therefore call each other without end, so the transaction runs out of gas and fails.
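The call cycle described above, modeled in Python as an added example (this is not Baptswap's Move code and not taken from the audit report). The gas meter, the fee rate, the 1:1 price, and the `hardened` / `collect_fee` parameters are assumptions made for illustration; the hardened path shows one way to break the cycle, not necessarily the fix the protocol adopted.

```python
class OutOfGas(Exception):
    pass

class GasMeter:
    """Toy gas meter: every function call costs one unit (assumption)."""
    def __init__(self, budget):
        self.budget = budget
        self.calls = 0

    def charge(self):
        self.calls += 1
        self.budget -= 1
        if self.budget < 0:
            raise OutOfGas(f"out of gas after {self.calls} calls")

FEE_BPS = 30  # constructed fee rate (0.30%), not from the report

def swap_exact_x_to_y_direct(gas, amount_in, hardened, collect_fee=True):
    gas.charge()
    fee = amount_in * FEE_BPS // 10_000 if collect_fee else 0
    if collect_fee:
        # The swap hands its fee to the distributor ...
        distribute_dex_fees(gas, fee, hardened)
    return amount_in - fee  # constructed 1:1 price

def distribute_dex_fees(gas, fee_in_x, hardened):
    gas.charge()
    # ... and the distributor swaps the fee into APT for the treasury.
    # Vulnerable: that swap collects fees again and re-enters this function.
    # Hardened (assumed fix): the conversion swap skips fee collection.
    return swap_exact_x_to_y_direct(gas, fee_in_x, hardened,
                                    collect_fee=not hardened)

def run_swap(amount_in, hardened, gas_budget):
    """Return (status, amount_out, calls_made) for one user swap."""
    gas = GasMeter(gas_budget)
    try:
        out = swap_exact_x_to_y_direct(gas, amount_in, hardened)
        return ("ok", out, gas.calls)
    except OutOfGas:
        return ("out_of_gas", None, gas.calls)

if __name__ == "__main__":
    for budget in (100, 400):  # a larger budget only delays the failure
        print("vulnerable", budget, run_swap(1_000_000, False, budget))
    print("hardened", run_swap(1_000_000, True, 100))
```

In the vulnerable path the number of calls always equals the gas budget plus one, which is why raising the gas limit cannot make the transaction succeed.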