code-423n4 2023-06-canto-findings issues

code-423n4 / 2023-06-canto-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

The `calculateWithExactInput` uses the same state's values for all transactions in the block

#106 code423n4 closed 1 year ago
5
Token pairs that are not whitelisted can be created as a pool

#105 code423n4 closed 1 year ago
6
GetAllPools could panic at iterator loop

#104 code423n4 closed 1 year ago
3
GetStandardDenom at CreatePool might panic on unchecked nil

#103 code423n4 closed 1 year ago
3
On OnRecvPacket, `TradeInputForExactOutput` is called with all the amount of the transferred coin as a maximum which is not safe.

#102 code423n4 closed 1 year ago
2
Analysis

#101 code423n4 closed 1 year ago
2
Add check to disallow creation of Standard Denomination pool

#100 code423n4 closed 1 year ago
3
GTE should be GT in `calculateWithExactOutput`

#99 code423n4 closed 1 year ago
4
Analysis

#98 code423n4 opened 1 year ago
4
QA Report

#97 code423n4 opened 1 year ago
2
There is no deadline for swaps

#96 code423n4 closed 1 year ago
2
Default coin spend limit was set wrong for ETH

#95 code423n4 closed 1 year ago
3
The number of Canto coins in the liquidity pools potentially exceeds the limit

#94 code423n4 closed 1 year ago
6
User with canto balance under the treshold will receive 4 `canto` for every transaction wich will be included in a block

#93 code423n4 closed 1 year ago
3
QA Report

#92 code423n4 closed 1 year ago
1
D

#91 code423n4 closed 1 year ago
2
User funds can be lost

#90 code423n4 closed 1 year ago
3
Analysis

#89 code423n4 closed 1 year ago
2
Canto pool could be drained.

#88 code423n4 closed 1 year ago
3
The amount of Canto to swap in onboarding should be adjusted according to the user's Canto balance

#87 code423n4 opened 1 year ago
7
The validation of the source channel is performed incorrectly

#86 code423n4 closed 1 year ago
2
Analysis

#85 code423n4 closed 1 year ago
2
Almost all of the github.com/cosmos/cosmos-sdk/types will be deprecated

#84 code423n4 closed 1 year ago
3
Analysis

#83 code423n4 closed 1 year ago
2
Analysis

#82 code423n4 closed 1 year ago
2
AutoSwapThreshold field is not checked for exceeding MaxAutoSwapThreshold constant

#81 code423n4 closed 1 year ago
3
The last error in `swap.go#swapCoins()` was not handled correctly.

#80 code423n4 closed 1 year ago
5
Benchmark of 4 Canto may face swapping issues if Canto is valued extremely highly

#79 code423n4 closed 1 year ago
4
Lack of deadline parameter when executing swaps

#78 code423n4 closed 1 year ago
4
users being overcharged or not receiving the full amount of coins as they expected caused by the incorrect calculation of the amount of coins bought

#77 code423n4 closed 1 year ago
3
Users potentially cannot have Canto token swapped automatically when bridging assets to the Canto Network

#76 code423n4 closed 1 year ago
4
Analysis

#75 code423n4 closed 1 year ago
2
Slippage protection minOut autoSwapThreshold is not effective when swapping the token

#74 code423n4 closed 1 year ago
4
QA Report

#73 code423n4 closed 1 year ago
2
Standard coin deposit limit can be bypassed by direct transfer

#72 code423n4 closed 1 year ago
4
Potential risk of using `swappedAmount` in case of swap error

#71 code423n4 opened 1 year ago
5
Missing store revert in case of erc20 conversion error can lead to loss of funds

#70 code423n4 closed 1 year ago
5
Missing store revert in case of swap error can lead to loss of funds

#69 code423n4 closed 1 year ago
3
Missing slippage protection leads to potential sandwich of small transfers or blocking the swap feature

#68 code423n4 closed 1 year ago
2
Analysis

#67 code423n4 closed 1 year ago
2
Onboarding middleware should not support contract addresses

#66 code423n4 closed 1 year ago
4
TimeoutTimeStamp and TimeoutHeight fields are not properly validated

#65 code423n4 closed 1 year ago
4
Analysis

#64 code423n4 opened 1 year ago
5
Onboarding::Keeper::Ibc_callbacks lacks two key validations which could cause user fund lost

#63 code423n4 opened 1 year ago
6
QA Report

#62 code423n4 opened 1 year ago
1
Analysis

#61 code423n4 opened 1 year ago
6
Lack of checks for reserve being zero

#60 code423n4 closed 1 year ago
4
QA Report

#59 code423n4 opened 1 year ago
3
An error could lead to coins not being returned to user

#58 code423n4 closed 1 year ago
4
Analysis

#57 code423n4 closed 1 year ago
2