Description

In addition to Finding ref↗, further prevention of graduation is possible through subsequent administrative misunderstanding of the VIRTUAL_BASE upper-bound values.

Focusing on the final operation in _getQuoteAmount() function, we have

return (quoteReserve * baseAmount) / baseReserveAfter;

It is clear the value returned can round to zero if the quoteReserve * baseAmount < baseReserveAfter.

Assuming only one base token remains before graduation would imply quoteReserve < baseReserveAfter produces a 0 quote-token input into the bonding curve. If 0 input is registered for 1 token output, the SimpleLaunchpad::buy() will revert with DustAttackInvalid().

Impact

If an administrator does not understand that the VIRTUAL_BASE upper bound can cause rounding, they may configure the bonding curve such that the Launchpad can launch tokens but will never allow graduation breaking key assumptions of early investors.

Recommendations

Ensure that the final quoteReserve achievable after buying BONDING_SUPPLY is larger than the baseReserveAfter.

Remediation

This issue has been acknowledged by Liquid Labs, Inc., and a fix was implemented in commit b2e9f242↗.

Liquid Labs, Inc. provided the following response to this finding:

Small buys that would cost 0 quote, causing a DustAttackInvalid revert are now allowed if its the final buy that causes graduation, preventing the DOS.