berndartmueller
commented
1 year ago Dupe of wardens's other submission https://github.com/code-423n4/2023-01-numoen-findings/issues/282
Closed code423n4 closed 1 year ago
berndartmueller
commented
1 year ago Dupe of wardens's other submission https://github.com/code-423n4/2023-01-numoen-findings/issues/282
c4-judge
commented
1 year ago berndartmueller marked the issue as nullified
Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L116
Vulnerability details
Impact
In the swap function, it is unchecked that the to address is not the address of the tokens. This will not lead to a loss of funds because the flashloan will actually revert, but sanity checks like this one should be made following for instance uniswap implementation.
Tools Used
manual
Recommended Mitigation StepsAdd a require statement like this one:
require(to != _token0 && to != _token1, 'INVALID_TO');