code-423n4 / 2023-06-canto-findings


Lack of checks for non-zero values #54

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/pool.go#L59

Vulnerability details

Impact

Lack of proper parameter validation

Proof of Concept

The GetPoolByLptDenom function takes lptDenom as an input parameter and uses it right away as an argument to retrieve a pool from the KVStore. However, if it is empty or invalid, the function will attempt to do it regardless, which may lead to unexpected behavior (the check could be in the Get function, I didn't go any further because you shall not naively trust third-party APIs, just focus on what your code does).

Tools Used

Manual analysis

Recommended Mitigation Steps

Check for null or invalid lptDenom

Assessed type

Invalid Validation
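
One way to implement the recommended check, as an added example that is not part of the original report or of the Canto code base. The `lpt-<n>` denom format, the key prefix, the `Keeper` and `Pool` types and the error values are assumptions made for illustration, and a map stands in for the KVStore.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Assumption: LP token denoms have the form "lpt-<n>"; the page does not show the real format.
var lptDenomRe = regexp.MustCompile(`^lpt-[1-9][0-9]*$`)

// Distinct errors let callers tell malformed input apart from a missing pool.
var (
	ErrInvalidLptDenom = errors.New("invalid lpt denom")
	ErrPoolNotFound    = errors.New("pool not found")
)

const lptKeyPrefix = "lpt/" // constructed key prefix, not the project's

type Pool struct{ Id, LptDenom string }

// Keeper is a hypothetical stand-in; store replaces the KVStore.
type Keeper struct{ store map[string]Pool }

// GetPoolByLptDenom validates the denom before it is used to build a store key.
func (k Keeper) GetPoolByLptDenom(lptDenom string) (Pool, error) {
	if !lptDenomRe.MatchString(lptDenom) {
		return Pool{}, fmt.Errorf("%w: %q", ErrInvalidLptDenom, lptDenom)
	}
	pool, ok := k.store[lptKeyPrefix+lptDenom]
	if !ok {
		return Pool{}, fmt.Errorf("%w: %q", ErrPoolNotFound, lptDenom)
	}
	return pool, nil
}

// newSampleKeeper returns a keeper holding one constructed pool.
func newSampleKeeper() Keeper {
	return Keeper{store: map[string]Pool{"lpt/lpt-1": {Id: "pool-1", LptDenom: "lpt-1"}}}
}

func main() {
	k := newSampleKeeper()
	for _, d := range []string{"lpt-1", "lpt-2", "", "lpt-01", "lpt-1\n"} {
		p, err := k.GetPoolByLptDenom(d)
		fmt.Printf("%q -> %+v, err=%v\n", d, p, err)
	}
}
```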

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

JeffCX commented 1 year ago

Lack of proof and detail

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality