Closed code423n4 closed 1 year ago
JeffCX marked the issue as low quality report
JeffCX marked the issue as primary issue
    if !params.MaxSwapAmount.AmountOf(msg.MaxToken.Denom).IsPositive() {
        return sdk.Coin{}, sdkerrors.Wrapf(types.ErrInvalidDenom,
            "MaxToken %s is not registered in max swap amount", msg.MaxToken.Denom)
    }
I believe the expected check occurs here, will leave open for sponsor comment before closing
@c4-sponsor
yes confirmed, whitelist check happens in addLiquidity function
0xean marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L15
Vulnerability details
Class
Medium
Impact
In the docs:
However, there is no logic that prevents the creation of non-whitelisted pairs. The check only happens in OnRecvPacket when converting the coins.
Proof of Concept
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L15
CreatePool is called on liquidityCreate
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/keeper.go#L149
Tools Used
Manual analysis
Recommended Mitigation Steps
Check if the pair is whitelisted before creating the pool.
Assessed type
Other
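The following is an added example, not code from the report or from the Canto repository. It is a simplified model of the gating discussed in this thread: the pool-creation helper does no whitelist check, but the liquidity entry point rejects unregistered denoms before the helper is reached. `Keeper`, `NewKeeper`, `createPool`, `PoolExists` and the denoms are hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrInvalidDenom stands in for the error kind used by the quoted check.
var ErrInvalidDenom = errors.New("invalid denom")

// Keeper is a hypothetical stand-in: maxSwap models params.MaxSwapAmount
// (denom -> amount) and pools records which denoms already have a pool.
type Keeper struct {
	maxSwap map[string]int64
	pools   map[string]bool
}

func NewKeeper(maxSwap map[string]int64) *Keeper {
	return &Keeper{maxSwap: maxSwap, pools: map[string]bool{}}
}

// createPool performs no whitelist check of its own, like the function
// the report points at.
func (k *Keeper) createPool(denom string) { k.pools[denom] = true }

// AddLiquidity is the only path to createPool in this model. A denom with
// no positive max swap amount is rejected before any pool is created.
func (k *Keeper) AddLiquidity(denom string) error {
	if k.maxSwap[denom] <= 0 { // a missing denom reads as 0
		return fmt.Errorf("MaxToken %s is not registered in max swap amount: %w",
			denom, ErrInvalidDenom)
	}
	if !k.pools[denom] {
		k.createPool(denom)
	}
	return nil
}

// PoolExists reports whether a pool was created for denom.
func (k *Keeper) PoolExists(denom string) bool { return k.pools[denom] }

func main() {
	k := NewKeeper(map[string]int64{"ibc/registered": 10}) // constructed sample params
	for _, d := range []string{"ibc/registered", "ibc/unlisted"} {
		err := k.AddLiquidity(d)
		fmt.Printf("%s: err=%v pool=%v\n", d, err, k.PoolExists(d))
	}
}
```

A regression test of this shape, asserting that no pool exists after a rejected call, keeps the guarantee intact if another caller of the creation helper is added later.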