Handle
jayjonah8
Vulnerability details
Impact
In BasePool.sol the _mint() function accepts a "from" and "to" address, but there is no require check ensuring that these two addresses are unique. There have been many huge bugs as a result of forgetting to make this check, as it can be used to manipulate the protocol.
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex-v2/pool/BasePoolV2.sol#L479
https://medium.com/@Knownsec_Blockchain_Lab/knownsec-blockchain-lab-i-kill-myself-monox-finance-security-incident-analysis-2dcb4d5ac8f
Tools Used
Manual code review
Recommended Mitigation Steps
require(address(from) != address(to), "from and to cannot be same address");
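The general failure mode this kind of check guards against, as an added example that is not part of the original report and not the Vader BasePoolV2 code: when accounting logic caches state for both addresses before writing, a call where the two addresses alias each other leaves the ledger inconsistent. The contract `AliasingLedger` and all of its function names are hypothetical, and the starting balance is constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical ledger written for this example; not the Vader BasePoolV2 code.
contract AliasingLedger {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 100; // constructed starting balance
    }

    // Caches both balances before writing either one. When from == to,
    // the second write overwrites the debit with the stale value plus amount,
    // so the account gains `amount` instead of staying unchanged.
    function _moveUnchecked(address from, address to, uint256 amount) internal {
        uint256 fromBal = balanceOf[from];
        uint256 toBal = balanceOf[to];
        require(fromBal >= amount, "insufficient balance");
        balanceOf[from] = fromBal - amount;
        balanceOf[to] = toBal + amount;
    }

    // Same accounting, guarded by the distinctness check from the recommendation.
    function _moveChecked(address from, address to, uint256 amount) internal {
        require(from != to, "from and to cannot be same address");
        _moveUnchecked(from, to, amount);
    }

    function transferUnchecked(address to, uint256 amount) external {
        _moveUnchecked(msg.sender, to, amount);
    }

    function transferChecked(address to, uint256 amount) external {
        _moveChecked(msg.sender, to, amount);
    }
}
```

When reviewing a function that takes two address parameters, check whether it reads state for both before writing either; if it does, the distinctness require (or a read-after-write ordering) is what keeps the aliasing case consistent.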