Open code423n4 opened 2 years ago
+1 no disagreement here, nice catch of an oversight.
@jkilpatr is this actually used anywhere? I don't see it really used in the core code besides the tests.
and if so it deserves an N classification imo
Double checking the actual commit hash for the audit, it doesn't seem to be used.
So I suppose you are right, but we have used this bug report to improve that check and now we are using it everywhere we can. I would say this report was useful even if it's not quite a bug.
reopening as per judges assessment as "primary issue" on findings sheet
corrected severity by relabeling from medium to non-critical, as per judges findings
Handle
defsec
Vulnerability details
Impact
During the manual code review, it has been observed that on the Cosmos side the Coin amount has not been checked on the token definition. That can cause a malfunction on the bridge. Although zero amount definition fee will be calculated. That can cause loss of user funds.
Proof of Concept
Tools Used
Recommended Mitigation Steps
Add the following validation steps on the ValidationBasic function.
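An illustration of the kind of stateless amount check the report asks for, added here and not taken from the report or from the audited project. `Coin`, `MsgSend`, `validateCoin` and the simplified denom pattern are hypothetical stand-ins, and allowing a zero fee is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"regexp"
)

// Coin is a hypothetical stand-in for a Cosmos-style coin (denom + integer amount).
type Coin struct {
	Denom  string
	Amount *big.Int
}

// MsgSend is a hypothetical bridge message carrying a transfer amount and a fee.
type MsgSend struct {
	Amount Coin
	Fee    Coin
}

// denomRe is a simplified denom pattern (assumption, not the SDK's exact rule).
var denomRe = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9/]{2,127}$`)

// validateCoin rejects bad denoms and nil or negative amounts; zero is also
// rejected unless allowZero is set.
func validateCoin(c Coin, allowZero bool) error {
	if !denomRe.MatchString(c.Denom) {
		return fmt.Errorf("invalid denom %q", c.Denom)
	}
	if c.Amount == nil || c.Amount.Sign() < 0 {
		return errors.New("amount must be a non-negative integer")
	}
	if !allowZero && c.Amount.Sign() == 0 {
		return errors.New("amount must be greater than zero")
	}
	return nil
}

// ValidateBasic runs before any state is touched, so a zero-amount transfer is
// refused before a fee can be charged for it.
func (m MsgSend) ValidateBasic() error {
	if err := validateCoin(m.Amount, false); err != nil {
		return fmt.Errorf("amount: %w", err)
	}
	return validateCoin(m.Fee, true) // assumption: a zero fee is acceptable
}

func main() {
	// Constructed sample: zero transfer amount with a non-zero fee.
	fmt.Println(MsgSend{Coin{"footoken", big.NewInt(0)}, Coin{"footoken", big.NewInt(5)}}.ValidateBasic())
}
```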