Closed code423n4 closed 1 year ago
JeffCX marked the issue as low quality report
They are just trying to cast the value with i.(TYPE) and check if there is an error. There are no further validations (e.g. validateAutoSwapThreshold is just checking the parameter is an sdk.Int and it is >= 0 (it could be 0, IDK if it is intentional or a flaw))
yes, the threshold can be set to 0, which is an expected admin configuration to disable swap, don't think this is a vulnerability
0xean marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/types/params.go#L58
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/types/params.go#L76
Vulnerability details
Impact
The validate functions are just checking the parameters' type without checking any further information
Proof of Concept
They are just trying to cast the value with i.(TYPE) and check if there is an error. There are no further validations (e.g. validateAutoSwapThreshold is just checking the parameter is an sdk.Int and it is >= 0 (it could be 0, IDK if it is intentional or a flaw))
Tools Used
Manual analysis
Recommended Mitigation Steps
Do the necessary checks or rename the functions to checkString and checkInt like here
Assessed type
Invalid Validation
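The validator shape discussed in this issue, next to a variant with a semantic range check, as an added example that is not part of the original report or the Canto code base. Assumptions: *big.Int stands in for sdk.Int, and the function names and maxThreshold are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// maxThreshold is a hypothetical upper bound, chosen only for this example.
var maxThreshold = new(big.Int).Exp(big.NewInt(10), big.NewInt(30), nil)

// validateTypeAndSign has the shape the report describes: assert the type,
// then reject negatives. *big.Int stands in for sdk.Int (assumption).
func validateTypeAndSign(i interface{}) error {
	v, ok := i.(*big.Int)
	if !ok {
		return fmt.Errorf("invalid parameter type: %T", i)
	}
	if v == nil {
		return errors.New("threshold is nil")
	}
	if v.Sign() < 0 {
		return fmt.Errorf("threshold is negative: %s", v)
	}
	return nil // 0 passes; per the thread it disables the swap
}

// validateBounded adds a semantic range check on top of the type check.
func validateBounded(i interface{}) error {
	if err := validateTypeAndSign(i); err != nil {
		return err
	}
	if v := i.(*big.Int); v.Cmp(maxThreshold) > 0 {
		return fmt.Errorf("threshold %s exceeds maximum %s", v, maxThreshold)
	}
	return nil
}

func main() {
	huge := new(big.Int).Lsh(big.NewInt(1), 200) // constructed sample value
	inputs := []interface{}{big.NewInt(0), big.NewInt(-1), huge, "4", (*big.Int)(nil)}
	for _, in := range inputs {
		fmt.Printf("%v: typeAndSign=%v bounded=%v\n", in, validateTypeAndSign(in), validateBounded(in))
	}
}
```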