code-423n4 / 2023-06-canto-findings


Incorrect maxSwapAmount checked #11

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L102

Vulnerability details

Impact

On onboarding, a part of the received tokens will be swapped for 4 canto. To partially protect users, a maximum amount of tokens to be used for the swap is set. According to the documentation:

For risk management purposes, a swap will fail if the input coin amount exceeds a pre-defined limit (10 USDC, 10 USDT, 0.01 ETH) or if the swap amount limit is not defined.

For this swap, it uses the coinswap module. The maximum values there are defined as

        sdk.NewCoin(UsdcIBCDenom, sdk.NewIntWithDecimal(10, 6)), // 10 * 10^6 = 10 USDC (6 decimals)
        sdk.NewCoin(UsdtIBCDenom, sdk.NewIntWithDecimal(10, 6)), // 10 * 10^6 = 10 USDT (6 decimals)
        sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 17)),  // 1 * 10^17 wei = 0.1 ETH (18 decimals)

Here the EthIBCDenom value is 1e17, which is 0.1 Eth instead of the intended 0.01 Eth. This means the intended protection is off by a factor of 10.

Recommended Mitigation Steps

Set the maxSwapAmount for EthIBCDenom to sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 16)), to represent the correct value of 0.01 Eth.

Assessed type

Decimal
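The finding above comes down to a unit mismatch between a base-unit integer and the human-readable limit in the documentation. The following is an added example, not code from the finding or from the Canto repository: a small Go check that converts each configured max swap amount back to a decimal string using the token's exponent and compares it against the documented limit, which is the kind of test that would have flagged the 1e17 value. It assumes that sdk.NewIntWithDecimal(n, dec) computes n * 10^dec (re-implemented locally with math/big so it runs without the cosmos-sdk dependency), that ETH uses 18 decimals and USDC/USDT use 6, and it uses the variable names UsdcIBCDenom, UsdtIBCDenom and EthIBCDenom as placeholder strings rather than the real IBC denom hashes.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
)

// newIntWithDecimal mirrors the assumed semantics of sdk.NewIntWithDecimal(n, dec):
// n * 10^dec as an arbitrary-precision integer. Local re-implementation so the
// example has no cosmos-sdk dependency.
func newIntWithDecimal(n int64, dec int) *big.Int {
	pow := new(big.Int).Exp(big.NewInt(10), big.NewInt(int64(dec)), nil)
	return new(big.Int).Mul(big.NewInt(n), pow)
}

// baseToHuman renders a base-unit amount as a decimal string using the token's
// exponent, e.g. 1e17 with 18 decimals -> "0.1", 1e16 -> "0.01", 1e7 with 6 -> "10".
// Trailing zeros in the fraction are dropped so results compare cleanly.
func baseToHuman(amount *big.Int, decimals int) string {
	s := amount.String()
	if decimals == 0 {
		return s
	}
	// Left-pad so there is at least one digit before the decimal point.
	if len(s) <= decimals {
		s = strings.Repeat("0", decimals-len(s)+1) + s
	}
	intPart := s[:len(s)-decimals]
	frac := strings.TrimRight(s[len(s)-decimals:], "0")
	if frac == "" {
		return intPart
	}
	return intPart + "." + frac
}

// swapLimit is one entry of a MaxSwapAmount-style configuration, paired with
// the token's on-chain exponent and the limit stated in the documentation.
type swapLimit struct {
	denom      string
	amount     *big.Int
	decimals   int
	documented string
}

// checkSwapLimit returns nil when the configured base-unit amount equals the
// documented human-readable limit, otherwise an error describing the mismatch.
func checkSwapLimit(l swapLimit) error {
	got := baseToHuman(l.amount, l.decimals)
	if got != l.documented {
		return fmt.Errorf("%s: configured max swap is %s, documented limit is %s", l.denom, got, l.documented)
	}
	return nil
}

// The three limits as written in the finding (placeholder denom strings).
// ETH exponent of 18 and USDC/USDT exponent of 6 are assumptions.
var deployedLimits = []swapLimit{
	{"UsdcIBCDenom", newIntWithDecimal(10, 6), 6, "10"},
	{"UsdtIBCDenom", newIntWithDecimal(10, 6), 6, "10"},
	{"EthIBCDenom", newIntWithDecimal(1, 17), 18, "0.01"}, // off by 10x
}

// The ETH entry with the mitigation from the finding applied (1e16 wei).
var fixedEthLimit = swapLimit{"EthIBCDenom", newIntWithDecimal(1, 16), 18, "0.01"}

// checkAll runs checkSwapLimit over a set of limits and returns every mismatch.
func checkAll(limits []swapLimit) []error {
	var errs []error
	for _, l := range limits {
		if err := checkSwapLimit(l); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

func main() {
	for _, err := range checkAll(deployedLimits) {
		fmt.Println("MISMATCH:", err)
	}
	if err := checkSwapLimit(fixedEthLimit); err == nil {
		fmt.Println("fixed ETH limit matches documentation:", baseToHuman(fixedEthLimit.amount, 18))
	}
}
```

Running this prints one mismatch line for EthIBCDenom (configured 0.1, documented 0.01) and none for the stablecoins; with the 1e16 value the check passes. Keeping a table of documented limits beside the coded constants, and asserting on the round-tripped decimal string rather than on the raw integer, is what makes an exponent slip visible in review.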

c4-pre-sort commented 1 year ago

JeffCX marked the issue as primary issue

c4-pre-sort commented 1 year ago

JeffCX marked the issue as duplicate of #8

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean changed the severity to 3 (High Risk)