Handle
0xRajeev
Vulnerability details
Impact
createPoolADD checks that the token listed for the new pool is not the BASE (SPARTA) token and that it has 18 decimals. createPool lacks this check. Even though createPool is onlyDAO-accessible, the same check is required there to prevent accidental listing of the BASE token or of a token whose decimals != 18; otherwise a pool violating the protocol's constraints can be created.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/poolFactory.sol#L50
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/poolFactory.sol#L64-L77
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add the same check to createPool, or document why it is not required there.
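As an added illustration (not the project's code), the guard that createPoolADD applies can be factored into a modifier shared by both entry points, so the DAO-only path cannot bypass it; the BASE storage variable, the onlyDAO modifier, the IERC20-style decimals() interface and the function signatures here are assumptions for the example:

```solidity
// Added example, not poolFactory.sol: one guard for both pool-creation paths.
// Names (BASE, dao, onlyDAO, createPool/createPoolADD) are assumed for illustration.
pragma solidity ^0.8.0;

interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

contract PoolFactoryGuardExample {
    address public immutable BASE;            // assumed: the SPARTA base token
    address public immutable dao;             // assumed: address allowed to call createPool
    mapping(address => bool) public isListed; // tokens that already have a pool

    event PoolCreated(address indexed token, bool viaDAO);

    constructor(address base, address dao_) {
        BASE = base;
        dao = dao_;
    }

    modifier onlyDAO() {
        require(msg.sender == dao, "!DAO");
        _;
    }

    // Shared invariant: never the base token, and always 18 decimals.
    // A non-contract address (or a token without decimals()) reverts here too,
    // which is the safe direction for a listing function.
    modifier validPoolToken(address token) {
        require(token != BASE, "token is BASE");
        require(IERC20Decimals(token).decimals() == 18, "decimals != 18");
        require(!isListed[token], "already listed");
        _;
    }

    // Permissionless path: already guarded in the original contract.
    function createPoolADD(address token) external validPoolToken(token) {
        isListed[token] = true;
        emit PoolCreated(token, false);
    }

    // DAO-only path: with the shared modifier an accidental DAO call with BASE
    // or a 6-decimal token reverts instead of creating a non-conforming pool.
    function createPool(address token) external onlyDAO validPoolToken(token) {
        isListed[token] = true;
        emit PoolCreated(token, true);
    }
}
```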