The createPool function of PoolFactory does not check that the provided parameter token is valid, as done in a similar function, createPoolADD. Without these checks, it is possible to create a pool using a token with decimals other than 18, thus breaking all functions implemented based on this assumption.
Handle
shw
Vulnerability details
Impact
The createPool function of PoolFactory does not check that the provided parameter token is valid, as done in a similar function, createPoolADD. Without these checks, it is possible to create a pool using a token with decimals other than 18, thus breaking all functions implemented based on this assumption.
Proof of Concept
Referenced code: poolFactory.sol#L50 poolFactory.sol#L65-L77
Recommended Mitigation Steps
Add a require(_token != BASE && iBEP20(_token).decimals() == 18); check in the createPool function after line 68.
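The recommended check in context, as an added sketch that is not the project's poolFactory.sol: pool deployment is reduced to a registry entry so the validation stands out. The names PoolFactorySketch, hasPool, createPoolUnchecked, createPoolChecked and SixDecimalToken, and the one-function iBEP20 interface declared here, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface assumed for this sketch; only decimals() is needed.
interface iBEP20 {
    function decimals() external view returns (uint8);
}

// Hypothetical stand-in for PoolFactory. Creating a pool is modelled as
// setting a flag, so the example stays focused on input validation.
contract PoolFactorySketch {
    address public immutable BASE;
    mapping(address => bool) public hasPool;

    constructor(address _base) {
        BASE = _base;
    }

    // Before: no validation of _token, so a token reporting decimals
    // other than 18 (or BASE itself) is accepted.
    function createPoolUnchecked(address _token) external {
        require(!hasPool[_token], "exists");
        hasPool[_token] = true;
    }

    // After: the check from the recommendation runs before any state change.
    function createPoolChecked(address _token) external {
        require(!hasPool[_token], "exists");
        require(_token != BASE && iBEP20(_token).decimals() == 18, "invalid token");
        hasPool[_token] = true;
    }
}

// Constructed test token that reports 6 decimals.
contract SixDecimalToken {
    function decimals() external pure returns (uint8) {
        return 6;
    }
}
```

Calling createPoolChecked with the address of a deployed SixDecimalToken reverts with "invalid token", while createPoolUnchecked registers it.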