code-423n4 / 2023-06-canto-findings


Lack of token pair existence #50

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L112

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L119

Vulnerability details

Impact

There is no check that ensures the token pair exists.

Proof of Concept

The code assumes that if a token pair ID is not registered or if the token pair is not enabled, the conversion process will be skipped. However, there is no explicit check or validation for the existence of the token pair (the if !tokenpair exists before the conditionals is missing ~~).

Tools Used

Manual analysis

Recommended Mitigation Steps

Check for the existence of the token pair before continuing with the execution (kind of mapping with available token pairs, IDK)

Assessed type

Invalid Validation
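
The existence check recommended above, sketched as an added example; it is not code from the Canto repository or from the report. The `TokenPair` and `Registry` types, the map-based lookups and the sample denoms are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// TokenPair and Registry are hypothetical stand-ins, not Canto's types.
type TokenPair struct {
	Denom   string
	Enabled bool
}

type Registry struct {
	idsByDenom map[string]string    // denom -> pair ID
	pairsByID  map[string]TokenPair // pair ID -> stored pair
}

// ShouldConvert reports whether conversion may run for denom and, if not, why.
func (r Registry) ShouldConvert(denom string) (bool, string) {
	id, ok := r.idsByDenom[denom]
	if !ok {
		return false, "denom not registered"
	}
	pair, found := r.pairsByID[id]
	if !found { // explicit existence check instead of trusting the zero value
		return false, "pair ID has no stored pair"
	}
	if !pair.Enabled {
		return false, "pair disabled"
	}
	return true, ""
}

// sampleRegistry returns constructed data covering all four outcomes.
func sampleRegistry() Registry {
	return Registry{
		idsByDenom: map[string]string{"ibc/AAA": "id-1", "ibc/BBB": "id-2", "ibc/CCC": "id-3"},
		pairsByID: map[string]TokenPair{
			"id-1": {Denom: "ibc/AAA", Enabled: true},
			"id-2": {Denom: "ibc/BBB", Enabled: false},
		},
	}
}

func main() {
	r := sampleRegistry()
	for _, d := range []string{"ibc/AAA", "ibc/BBB", "ibc/CCC", "ibc/ZZZ"} {
		ok, why := r.ShouldConvert(d)
		fmt.Printf("%-8s convert=%v %s\n", d, ok, why)
	}
}
```

Returning a reason string alongside the decision lets a caller log which of the three skip conditions fired, so a registered ID with no stored pair is distinguishable from a disabled pair.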

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

JeffCX commented 1 year ago

Lack of impact and exploit path and detail

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality