SamusElderg
commented
3 years ago Duplicate of #136
Closed code423n4 closed 3 years ago
SamusElderg
commented
3 years ago Duplicate of #136
ghoul-sol
commented
3 years ago Duplicate of #136 so non-critical
Handle
0xsanson
Vulnerability details
Impact
In createPool() function in poolFactory.sol, there's an input validation missing compared to createPoolADD():
require(_token != BASE && iBEP20(_token).decimals() == 18);. Even if this function is only callable by the Dao, it's still possible that an incorrect input is provided by mistake.Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/poolFactory.sol#L47
Tools Used
editor
Recommended Mitigation Steps
Add the aforementioned line.