A token swap via NXTPFacet::swapAndCompleteBridgeTokensViaNXTP in which the receiving amount of tokens is zero does not fail.
Proof of Concept
The function NXTPFacet::swapAndCompleteBridgeTokensViaNXTP does not require that the token balance after the swap is higher than the token balance before the swap (see line 165).
Recommended Mitigation Steps
Add a require statement checking that postSwapBalance - startingBalance > 0 after the _executeSwap call.
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/NXTPFacet.sol#L165
Vulnerability details
Impact
A token swap via
NXTPFacet::swapAndCompleteBridgeTokensViaNXTP
in which the receiving amount of tokens is zero does not fail.Proof of Concept
The function
NXTPFacet::swapAndCompleteBridgeTokensViaNXTP
does not require that the token balance after the swap is higher than the token balance before the swap (see line 165).Recommended Mitigation Steps
Add a require statement checking that
postSwapBalance - startingBalance > 0
after the_executeSwap
call.