Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L522 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L523
tokenURI function: IPool(poolKey[tokenId_]) should be checked if exists before creating a new NFT position.
IPool(poolKey[tokenId_]) should be checked if exists before creating a new NFT position since this will overwrite the existing pool for the same NFT.
Instances: 2
File: 2023-05-ajna/ajna-core/src/PositionManager.sol Line 522: address collateralTokenAddress = IPool(poolKey[tokenId_]).collateralAddress(); Line 523: address quoteTokenAddress = IPool(poolKey[tokenId_]).quoteTokenAddress();
Manual Testing.
IPool(poolKey[tokenId_]) must be checked if exists to prevent overwriting the existing pool.
Other
Picodes marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L522 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/PositionManager.sol#L523
Vulnerability details
[H-03]
tokenURI function: IPool(poolKey[tokenId_]) should be checked if exists before creating a new NFT position.
Vulnerability Details
IPool(poolKey[tokenId_]) should be checked if exists before creating a new NFT position since this will overwrite the existing pool for the same NFT.
Impact
IPool(poolKey[tokenId_]) should be checked if exists before creating a new NFT position since this will overwrite the existing pool for the same NFT.
Proof of Concept
Instances: 2
Tools Used
Manual Testing.
Recommended Mitigation Steps
IPool(poolKey[tokenId_]) must be checked if exists to prevent overwriting the existing pool.
Assessed type
Other