code-423n4 / 2022-01-elasticswap-findings


pairs names can be misleading/weird #103

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

danb

Vulnerability details

https://github.com/code-423n4/2022-01-elasticswap/blob/main/elasticswap/src/contracts/ExchangeFactory.sol#L38

The name and symbol of the pool are chosen by the creator; this name can be wrong and misleading.

Recommended Mitigation Steps

I suggest constructing the token name and symbol from the underlying tokens' names.

Example from Timeswap:

function name() external view override returns (string memory) {
    string memory assetName = pair.asset().safeName();
    string memory collateralName = pair.collateral().safeName();
    return
        string(
            abi.encodePacked('Timeswap Liquidity - ', assetName, ' - ', collateralName, ' - ', maturity.toString())
        );
}

https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Convenience/contracts/Liquidity.sol#L22
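
An added sketch of the mitigation suggested above, not code from ElasticSwap, Timeswap or the issue author: the LP token name and symbol are derived from the two underlying token contracts instead of being supplied by the pool creator. The library `PairNaming`, its function names, the `"Liquidity - "` / `"LP-"` prefixes and the `"???"` fallback are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: PairNaming and everything in it is hypothetical.
library PairNaming {
    bytes4 private constant NAME = bytes4(keccak256("name()"));
    bytes4 private constant SYMBOL = bytes4(keccak256("symbol()"));
    string private constant UNKNOWN = "???";

    // Read a metadata getter from an untrusted token without letting a missing
    // or non-standard implementation break pool creation.
    function safeString(address token, bytes4 selector) private view returns (string memory) {
        (bool ok, bytes memory data) = token.staticcall(abi.encodeWithSelector(selector));
        if (!ok || data.length < 32) return UNKNOWN; // call failed or returned too little data
        if (data.length == 32) {
            // Some tokens return bytes32 instead of string: copy up to the first zero byte.
            uint256 len = 0;
            while (len < 32 && data[len] != bytes1(0)) len++;
            bytes memory out = new bytes(len);
            for (uint256 i = 0; i < len; i++) out[i] = data[i];
            return string(out);
        }
        // ABI-encoded string; abi.decode reverts if the encoding is malformed.
        return abi.decode(data, (string));
    }

    // Pool name built only from on-chain token metadata, never from caller input.
    function pairName(address baseToken, address quoteToken) internal view returns (string memory) {
        return string(abi.encodePacked(
            "Liquidity - ", safeString(baseToken, NAME), " - ", safeString(quoteToken, NAME)
        ));
    }

    // Pool symbol built the same way from the tokens' symbol() getters.
    function pairSymbol(address baseToken, address quoteToken) internal view returns (string memory) {
        return string(abi.encodePacked(
            "LP-", safeString(baseToken, SYMBOL), "-", safeString(quoteToken, SYMBOL)
        ));
    }
}
```

A derived name is still whatever the token contracts report about themselves, so interfaces should show the token addresses alongside it.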

0xean commented 2 years ago

dupe of #110