F-2025-0010·code-quality
Inconsistent storage variables cleanup during LP burning
TL;DR
On LP burn, `lp_shares_per_token` and `lp_token_to_sub_id` storage entries are cleaned up but `lp_token_to_pool_id` is not. No security impact, but the inconsistency affects code lifecycle hygiene.
Severity
INFO
Impact
LOW
Likelihood
LOW
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description
Description
The contract uses the following storage variables to hold the LP data:
lp_token_to_sub_id: mapsAssetIdof the LP token to theSubIdused to create it.lp_shares_per_token: maps theAssetIdof the LP token with theStorageVecofLPSharesPerBinstructs which represents shares owned by the LP token in each bin where liquidity was provided.lp_token_to_pool_id: maps theAssetIdof the LP token with thePoolId, defines to which pool the given token pertains.
All the above are filled with relevant data during the LP minting process. While burning the following is being removed in the mint_utils::burn_lp_token(...):
code
assert(storage_keys.lp_shares_per_token.remove(lp_asset_id));assert(storage_keys.lp_token_to_sub_id.remove(lp_asset_id));
We can see that the lp_token_to_pool_id is not removed, hence the inconsistency.
03Section · Impact
Impact
There is no impact here, as the specific AssetId cannot be re-used, yet there is inconsistent approach to data lifecycle here.
04Section · Recommendation
Recommendation
Two approaches can be considered here:
- Removal of all data.
- Leaving the data as is, even after burning. This approach might be considered as it will save some gas.
05Section · Resolution
Resolution
Fixed in commit ff06ba98bcbb6d0f999354eb67293119687c4020.
Status
Fixed
Fix commit
ff06ba98bcbb
