Description
The provide_liquidity function fails to validate that desired_a and desired_b are not negative.
Coinspect attempted to exploit this problem; however, the transaction reverted due to a check in the token contract that does not allow negative values. Should the pool use a token without such a check, an attacker could attempt to subtract pooled funds by providing negative liquidity values.
Recommendation
Add the validate_int_parameters function to ensure that values are not negative, as is done in the volatile pool code.
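The finding and the recommended check in a simplified model, as an added example that is not the audited contract's code. The Pool struct, the token_rejects_negative flag and the signature given to validate_int_parameters are assumptions made for illustration.

```rust
// Toy model of a two-asset pool with signed amounts (constructed for illustration).
#[derive(Debug, PartialEq)]
pub enum PoolError { NegativeAmount }

#[derive(Debug)]
pub struct Pool { pub reserve_a: i128, pub reserve_b: i128 }

/// Hypothetical stand-in for validate_int_parameters: rejects any negative value.
pub fn validate_int_parameters(values: &[i128]) -> Result<(), PoolError> {
    if values.iter().any(|v| *v < 0) {
        return Err(PoolError::NegativeAmount);
    }
    Ok(())
}

impl Pool {
    /// Behaviour described in the finding: the pool itself performs no sign check.
    /// `token_rejects_negative` models whether the token contract happens to do it.
    pub fn provide_liquidity_unchecked(&mut self, desired_a: i128, desired_b: i128,
                                       token_rejects_negative: bool) -> Result<(), PoolError> {
        if token_rejects_negative && (desired_a < 0 || desired_b < 0) {
            return Err(PoolError::NegativeAmount); // the revert comes from the token, not the pool
        }
        self.reserve_a += desired_a; // a negative "deposit" shrinks the reserve
        self.reserve_b += desired_b;
        Ok(())
    }

    /// Recommended form: validate in the pool before touching any state.
    pub fn provide_liquidity_checked(&mut self, desired_a: i128,
                                     desired_b: i128) -> Result<(), PoolError> {
        validate_int_parameters(&[desired_a, desired_b])?;
        self.reserve_a += desired_a;
        self.reserve_b += desired_b;
        Ok(())
    }
}

fn main() {
    let mut pool = Pool { reserve_a: 1_000, reserve_b: 1_000 };
    // Token with a sign check: the call reverts and reserves are untouched.
    println!("{:?} {:?}", pool.provide_liquidity_unchecked(-400, -400, true), pool);
    // Token without the check: reserves drop although nothing was deposited.
    println!("{:?} {:?}", pool.provide_liquidity_unchecked(-400, -400, false), pool);
    // Pool-side validation rejects the call regardless of the token.
    println!("{:?} {:?}", pool.provide_liquidity_checked(-400, -400), pool);
}
```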
Location