code-423n4 / 2021-09-wildcredit-findings


Token address should not be PairFactory address #75

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

While createPair() checks for token addresses to not be zero addresses and different from each other, it is best practice for lending/swapping protocols to also check that token address != address(this), i.e. the contract address, which could likely mess things up with accounting and/or access control.

Proof of Concept

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/PairFactory.sol#L51-L53

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add a check to ensure that tokenA and tokenB are != address(this) or evaluate if this is not a risk to avoid such checks.

talegift commented 2 years ago

This would already be reverted due to the later check:

require(
  lendingController.tokenSupported(tokenA) && lendingController.tokenSupported(tokenB),
  "PairFactory: token not supported"
);

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/PairFactory.sol#L58
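The check ordering discussed in this thread, as an added sketch that is not taken from the Wild Credit repository and is not any commenter's code. The contract names, the mock controller, the pairExists mapping and every revert string except "PairFactory: token not supported" are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Only createPair, lendingController and tokenSupported
// are names that appear in the issue; everything else is hypothetical.
interface ILendingController {
    function tokenSupported(address token) external view returns (bool);
}

// Hypothetical stand-in for the controller's token allowlist.
contract MockLendingController is ILendingController {
    mapping(address => bool) private supported;

    function setSupported(address token, bool ok) external {
        supported[token] = ok;
    }

    function tokenSupported(address token) external view override returns (bool) {
        return supported[token];
    }
}

contract PairFactorySketch {
    ILendingController public immutable lendingController;
    mapping(address => mapping(address => bool)) public pairExists;

    constructor(ILendingController controller) {
        lendingController = controller;
    }

    function createPair(address tokenA, address tokenB) external {
        // Checks the report says already exist (revert strings are constructed).
        require(tokenA != tokenB, "PairFactory: same token");
        require(tokenA != address(0) && tokenB != address(0), "PairFactory: zero address");

        // Explicit form of the check the report recommends. It does not depend
        // on how the controller's allowlist is configured.
        require(tokenA != address(this) && tokenB != address(this), "PairFactory: factory as token");

        // Allowlist check quoted in the reply. Without the require above, passing
        // the factory address reverts here only while the controller does not
        // list the factory address as a supported token.
        require(
            lendingController.tokenSupported(tokenA) && lendingController.tokenSupported(tokenB),
            "PairFactory: token not supported"
        );
        pairExists[tokenA][tokenB] = true;
    }
}
```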

ghoul-sol commented 2 years ago

per sponsor comment, invalid