inputReserve and outputReserve is gotten from the reservePool return However reservePool could be nil and since not handled or checked it results to inaccurate inputReserve and outputReserve
Proof of Concept
inputReserve and outputReserve are gotten using the reservePool, which is gotten from the GetPoolBalances function. This function returns the liquidity pool as well as an err variable which could be contain error or be nil which is checked and handled when called, However the reservePool could also return nil when acc == nil (https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L77) but isn't handled and is neglected by the protocol when called
Tools Used
Manual Review
Recommended Mitigation Steps
Don't only check the err variable returned and neglect the reservePool value returned from the GetPoolBalances. Check or handle the value returned for the reservePool variable
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/swap.go#L43 https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/swap.go#L131 https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L77
Vulnerability details
Impact
inputReserve and outputReserve is gotten from the reservePool return However reservePool could be nil and since not handled or checked it results to inaccurate inputReserve and outputReserve
Proof of Concept
inputReserve and outputReserve are gotten using the reservePool, which is gotten from the
GetPoolBalances
function. This function returns the liquidity pool as well as an err variable which could be contain error or be nil which is checked and handled when called, However the reservePool could also return nil when acc == nil (https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L77) but isn't handled and is neglected by the protocol when calledTools Used
Manual Review
Recommended Mitigation Steps
Don't only check the err variable returned and neglect the reservePool value returned from the
GetPoolBalances
. Check or handle the value returned for the reservePool variableAssessed type
Invalid Validation