Closed code423n4 closed 1 year ago
JeffCX marked the issue as low quality report
if denom1 != standardDenom && denom2 != standardDenom {
return "", sdkerrors.Wrap(types.ErrNotContainStandardDenom, fmt.Sprintf("standard denom: %s, denom1: %s, denom2: %s", standardDenom, denom1, denom2))
}
the && operator is the correct logic
0xean marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/pool.go#L98
Vulnerability details
Impact
Wrong conditional when checking for non-standard denoms
Proof of Concept
The conditional is used to sanitize if the
denom1
anddenom2
are indeedstandardDenom
(see the error in the next line). However, the condition can be bypassed with one of them being standard whilst the other one is not.Tools Used
Manual analysis
Recommended Mitigation Steps
Change the conditional to
||
instead of&&
Assessed type
Invalid Validation