loki-sama
commented
2 years ago No need to check for every value that could be set wrong
Closed code423n4 closed 2 years ago
loki-sama
commented
2 years ago No need to check for every value that could be set wrong
0xleastwood
commented
2 years ago Agree with sponsor, this adds unnecessary overhead for a trusted deployment setup.
Handle
jayjonah8
Vulnerability details
Impact
In SingleTokenJoin.sol, the constructor accepts 2 addresses which are _INTERMEDIATE_TOKEN and _uniSwapLikeRouter and sets them in storage without ensuring that they are both different. This check can avoid costly mistakes during deployment.
Proof of Concept
https://github.com/code-423n4/2021-12-amun/blob/main/contracts/basket/contracts/singleJoinExit/SingleTokenJoin.sol#L30
Tools Used
Manual code review
Recommended Mitigation Steps
Add to constructor: require(_INTERMEDIATE_TOKEN != _uniSwapLikeRouter, "DUPLICATE ADDRESS")