In BasePool.sol, the swap function takes in a to address in which it transfers the destination asset to. It checks that the address is not the native or foreign asset but there is no check that the "to" address is not the contract itself. This check should be added as a safe guard for the user.
Handle
jayjonah8
Vulnerability details
Impact
In BasePool.sol, the swap function takes in a to address in which it transfers the destination asset to. It checks that the address is not the native or foreign asset but there is no check that the "to" address is not the contract itself. This check should be added as a safe guard for the user.
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex/pool/BasePool.sol#L288
Tools Used
Manual code review
Recommended Mitigation Steps
require(address(to) != address(this), "to address cannot be this contract")