There is an error in the code regarding the maximum a user can spend for the 4 Canto swap to minimize risk of slippage. While the documentation claim it to be 0.01 ETH, in the code it is defined as 0.1 ETH, which is a 10x value increase and significant.
While this file is not in scope, it seems an important miss and should be considered for the bounty contest and I would class it as Medium as could harm user fund if exploited.
Proof of Concept
The team understand the problem regarding slippage, which is why they impose those maximum limit, so I don't feel I need to make any proof of concept here. The main idea being that the pool is very low in liquidity and the swap could cost much more then it should for the 4 Canto token.
Tools Used
Code examimation
Recommended Mitigation Steps
Apply the fix
sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 16)), // to represent 0.01 ETH
Besides, having those maximum while it helps to reduce the slippage risk issue, it also put a constraint on the maximum price Canto could go for the swap functionality to continue working during the onboarding process. For example, if the canto real price goes above 3 USD, the swap would stop working as a whole for stablecoin deposits (capped at 10 USD, 4 X 3 USD == 12 USD), which is not ideal either, but ok to get started. I would recommend the team to think of a solution that is more future proof.
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/types/params.go#L34
Vulnerability details
Impact
There is an error in the code regarding the
maximum a user can spend for the 4 Canto swap
to minimize risk of slippage. While the documentation claim it to be0.01 ETH
, in the code it is defined as0.1 ETH
, which is a10x value increase
and significant.While this file is not in scope, it seems an important miss and should be considered for the bounty contest and I would class it as
Medium
as could harm user fund if exploited.Proof of Concept
The team understand the problem regarding slippage, which is why they impose those maximum limit, so I don't feel I need to make any proof of concept here. The main idea being that the pool
is very low in liquidity
and the swap could cost much more then it should for the 4 Canto token.Tools Used
Code examimation
Recommended Mitigation Steps
Apply the fix
sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 16)), // to represent 0.01 ETH
Besides, having those maximum while it helps to reduce the slippage risk issue, it also put a constraint on the maximum price Canto could go for the swap functionality to continue working during the onboarding process. For example, if the canto real price goes above 3 USD, the swap would stop working as a whole for stablecoin deposits (capped at 10 USD, 4 X 3 USD == 12 USD), which is not ideal either, but ok to get started. I would recommend the team to think of a solution that is more future proof.
Assessed type
Math