Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L50
A panic could occur in GetAllPools and stop the program
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L50 there is no check for pool value if nil or not before calling MustUnmarshal which could lead to a panic issue in the program
pool
MustUnmarshal
func (k Keeper) GetAllPools(ctx sdk.Context) (pools []types.Pool) { store := ctx.KVStore(k.storeKey) iterator := sdk.KVStorePrefixIterator(store, []byte(types.KeyPool)) defer iterator.Close() for ; iterator.Valid(); iterator.Next() { var pool types.Pool k.cdc.MustUnmarshal(iterator.Value(), &pool) pools = append(pools, pool) } return }
Manual Review
check if pool == nil and use call MustUnmarshal for it if it is, by a return.
Other
JeffCX marked the issue as low quality report
var pool types.Pool is a placer holder variable here, don't think the finding valid with more proof
0xean marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L50
Vulnerability details
Impact
A panic could occur in GetAllPools and stop the program
Proof of Concept
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L50 there is no check for
pool
value if nil or not before callingMustUnmarshal
which could lead to a panic issue in the programTools Used
Manual Review
Recommended Mitigation Steps
check if
pool
== nil and use call MustUnmarshal for it if it is, by a return.Assessed type
Other