createNewExchange doesnt check that pair already exists but in different order.
Impact
factory can have duplicates
Proof of Concept
let's say alice create a pool of usdc-usdt where _baseToken is usdc and _quoteToken is usdt, then bob creates a pool of usdc-usdt where _baseToken is usdt and _quoteToken is usdc.
now there are two pairs of usdc-usdt.
0xean
commented
2 years ago
Handle
danb
Vulnerability details
https://github.com/code-423n4/2022-01-elasticswap/blob/main/elasticswap/src/contracts/ExchangeFactory.sol#L38
createNewExchangedoesnt check that pair already exists but in different order.Impact
factory can have duplicates
Proof of Concept
let's say alice create a pool of usdc-usdt where
_baseTokenis usdc and_quoteTokenis usdt, then bob creates a pool of usdc-usdt where_baseTokenis usdt and_quoteTokenis usdc. now there are two pairs of usdc-usdt.Tools Used
manual review
Recommended Mitigation Steps
check uniswap v2 solution for handling duplicates in the factory https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2Factory.sol#L23