There is no check that ensures the token pair does exists.
Proof of Concept
he code assumes that if a token pair ID is not registered or if the token pair is not enabled, the conversion process will be skipped. However, there is no explicit check or validation for the existence of the token pair (the if !tokenpair exists before the conditionals is missing ~~)
Tools Used
Manual analysis
Recommended Mitigation Steps
Check for the existence of the token pair before continuing with the execution (kind of mapping with avaiable token pairs, IDK)
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L112 https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L119
Vulnerability details
Impact
There is no check that ensures the token pair does exists.
Proof of Concept
he code assumes that if a token pair ID is not registered or if the token pair is not enabled, the conversion process will be skipped. However, there is no explicit check or validation for the existence of the token pair (the
if !tokenpair exists
before the conditionals is missing ~~)Tools Used
Manual analysis
Recommended Mitigation Steps
Check for the existence of the token pair before continuing with the execution (kind of mapping with avaiable token pairs, IDK)
Assessed type
Invalid Validation