From 2f1dd9c7bf6ced3c99332bbe0ff50030efece44a Mon Sep 17 00:00:00 2001
From: mxwtnb <72396409+mxwtnb@users.noreply.github.com>
Date: Wed, 10 Mar 2021 00:36:50 +0000
Subject: [PATCH] Use safeTransfer and fix slither warnings

---
 contracts/LPool.sol  | 25 +++++++++++++++++--------
 contracts/LToken.sol | 12 ++++++------
 contracts/LViews.sol |  4 ++--
 3 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/contracts/LPool.sol b/contracts/LPool.sol
index a6dc9aa..4f66e10 100644
--- a/contracts/LPool.sol
+++ b/contracts/LPool.sol
@@ -114,7 +114,7 @@ contract LPool is Ownable, ReentrancyGuard {
         require(cost <= maxCost, "Max slippage exceeded");
 
         totalValue = totalValue.add(quantity.mul(price));
-        baseToken.transferFrom(msg.sender, address(this), cost);
+        _safeTransferFromSenderToThis(cost);
         lToken.mint(to, quantity);
 
         // `maxPoolShare` being 0 means no limit
@@ -161,7 +161,7 @@ contract LPool is Ownable, ReentrancyGuard {
 
         totalValue = totalValue.sub(quantity.mul(price));
         lToken.burn(msg.sender, quantity);
-        baseToken.transfer(to, cost);
+        baseToken.safeTransfer(to, cost);
 
         emit Trade(msg.sender, to, baseToken, lToken, false, quantity, cost, feeAmount);
     }
@@ -181,19 +181,19 @@ contract LPool is Ownable, ReentrancyGuard {
         uint256 underlyingPrice = feedRegistry.getPrice(_params.underlyingToken);
         uint256 square = underlyingPrice.mul(underlyingPrice);
 
-        // invert price for short tokens and convert to 36dp
-        uint256 squareOrInv = _params.side == Side.Long ? square.mul(1e20) : uint256(1e52).div(square);
+        // invert price for short tokens and convert to 54dp
+        uint256 squareOrInv = _params.side == Side.Long ? square.mul(1e38) : uint256(1e70).div(square);
         require(squareOrInv > 0, "Price should be > 0");
 
         // set priceOffset the first time this method is called for this leveraged token
         uint256 priceOffset = _params.priceOffset;
         if (priceOffset == 0) {
-            priceOffset = _params.priceOffset = squareOrInv;
+            priceOffset = _params.priceOffset = squareOrInv.div(1e18);
         }
 
         // divide by the initial price to avoid extremely high or low prices
         // price decimals is now 18dp
-        price = squareOrInv.mul(1e18).div(priceOffset);
+        price = squareOrInv.div(priceOffset);
 
         uint256 _totalSupply = lToken.totalSupply();
         totalValue = totalValue.sub(_totalSupply.mul(_params.lastPrice)).add(_totalSupply.mul(price));
@@ -304,7 +304,7 @@ contract LPool is Ownable, ReentrancyGuard {
     }
 
     function collectFee() external onlyOwner {
-        baseToken.transfer(msg.sender, feesAccrued);
+        baseToken.safeTransfer(msg.sender, feesAccrued);
         feesAccrued = 0;
     }
 
@@ -315,6 +315,15 @@ contract LPool is Ownable, ReentrancyGuard {
     function emergencyWithdraw() external onlyOwner {
         require(!finalized, "Finalized");
         uint256 balance = baseToken.balanceOf(address(this));
-        baseToken.transfer(msg.sender, balance);
+        baseToken.safeTransfer(msg.sender, balance);
     }
+
+    function _safeTransferFromSenderToThis(uint256 amount) internal {
+        IERC20 _baseToken = baseToken;
+        uint256 balanceBefore = _baseToken.balanceOf(address(this));
+        _baseToken.safeTransferFrom(msg.sender, address(this), amount);
+        uint256 balanceAfter = _baseToken.balanceOf(address(this));
+        require(balanceAfter == balanceBefore.add(amount), "Deflationary tokens not supported");
+    }
+
 }
diff --git a/contracts/LToken.sol b/contracts/LToken.sol
index 18bce5a..2bbce04 100644
--- a/contracts/LToken.sol
+++ b/contracts/LToken.sol
@@ -18,15 +18,15 @@ contract LToken is ERC20Upgradeable {
     /**
      * @dev Initialize the contract. Should be called exactly once immediately after deployment
      * @param _lpool The `LPool` contract that deployed this contract
-     * @param name The name of this token
-     * @param symbol The symbol of this token
+     * @param _name The name of this token
+     * @param _symbol The symbol of this token
      */
     function initialize(
         address _lpool,
-        string memory name,
-        string memory symbol
-    ) public initializer {
-        __ERC20_init(name, symbol);
+        string memory _name,
+        string memory _symbol
+    ) external initializer {
+        __ERC20_init(_name, _symbol);
         lpool = _lpool;
     }
 
diff --git a/contracts/LViews.sol b/contracts/LViews.sol
index 73161a8..3ffa6b2 100644
--- a/contracts/LViews.sol
+++ b/contracts/LViews.sol
@@ -15,7 +15,7 @@ contract LViews {
      * @param lToken Leveraged token bought
      * @param quantity Quantity of leveraged tokens bought
      */
-    function buyQuote(LPool pool, LToken lToken, uint256 quantity) public view returns (uint256) {
+    function buyQuote(LPool pool, LToken lToken, uint256 quantity) external view returns (uint256) {
         uint256 cost = pool.quote(lToken, quantity).add(1);
         return cost.add(pool.fee(cost));
     }
@@ -25,7 +25,7 @@ contract LViews {
      * @param lToken Leveraged token sold
      * @param quantity Quantity of leveraged tokens sold
      */
-    function sellQuote(LPool pool, LToken lToken, uint256 quantity) public view returns (uint256) {
+    function sellQuote(LPool pool, LToken lToken, uint256 quantity) external view returns (uint256) {
         uint256 cost = pool.quote(lToken, quantity);
         return cost.sub(pool.fee(cost));
     }