Merge pull request #266 from Uniswap/sanitize-amount

fix: sanitize quote response amount
Uniswap · Feb 13, 2024 · 8ea8735 · 8ea8735
2 parents 9c9db01 + 0271de1
commit 8ea8735
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 5 deletions.
diff --git a/lib/entities/QuoteResponse.ts b/lib/entities/QuoteResponse.ts
@@ -61,6 +61,7 @@ export class QuoteResponse implements QuoteResponseData {
       };
     }
 
+    // ensure quoted tokens match
     if (
       request?.tokenIn?.toLowerCase() !== data?.tokenIn?.toLowerCase() ||
       request?.tokenOut?.toLowerCase() !== data?.tokenOut?.toLowerCase()
@@ -71,14 +72,20 @@ export class QuoteResponse implements QuoteResponseData {
       };
     }
 
+    // take quoted amount from RFQ response
+    // but specified amount from request to avoid any inaccuracies from incorrect echoed response
+    const [amountIn, amountOut] =
+      request.type === TradeType.EXACT_INPUT
+        ? [request.amount, BigNumber.from(data.amountOut ?? 0)]
+        : [BigNumber.from(data.amountIn ?? 0), request.amount];
     return {
       response: new QuoteResponse(
         {
           ...data,
           quoteId: data.quoteId ?? uuidv4(),
           swapper: request.swapper,
-          amountIn: BigNumber.from(data.amountIn ?? 0),
-          amountOut: BigNumber.from(data.amountOut ?? 0),
+          amountIn,
+          amountOut,
         },
         type
       ),

diff --git a/test/entities/QuoteResponse.test.ts b/test/entities/QuoteResponse.test.ts
@@ -1,5 +1,4 @@
 import { TradeType } from '@uniswap/sdk-core';
-import { BigNumber } from 'ethers';
 import { parseEther } from 'ethers/lib/utils';
 
 import { QuoteResponse } from '../../lib/entities';
@@ -101,7 +100,8 @@ describe('QuoteRequest', () => {
         quoteId: QUOTE_ID,
       };
       const response = QuoteResponse.fromRFQ(quoteRequest, invalidResponse, TradeType.EXACT_INPUT);
-      expect(response.response.amountIn).toEqual(BigNumber.from(100));
+      // ensure we overwrite amount with the request amount, dont just accept what the quoter returned
+      expect(response.response.amountIn).toEqual(quoteRequest.amount);
       expect(response.validationError?.message).toBe('"amountIn" must be a string');
       expect(response.validationError?.value).toBe(invalidResponse);
     });

diff --git a/test/providers/quoters/WebhookQuoter.test.ts b/test/providers/quoters/WebhookQuoter.test.ts
@@ -398,7 +398,7 @@ describe('WebhookQuoter tests', () => {
             ...quote,
             quoteId: expect.any(String),
             amountOut: BigNumber.from(quote.amountOut),
-            amountIn: BigNumber.from(0),
+            amountIn: BigNumber.from(request.amount),
           },
           type: 0,
         },