code-423n4 / 2023-06-canto-findings


Arbitrary parameters #56

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/pool.go#L157

Vulnerability details

Impact

There is no way to check that the sequence parameter is indeed a correct one

Proof of Concept

It is being passed straight to a function which modifies the KVStore's pools, thus it could be any value due to not being checked (e.g. it could be 0, 0xFFFFFF..., a non-existent pool sequence, a collision with an existent one...)

Tools Used

Manual analysis

Recommended Mitigation Steps

Sanitize that parameter with the before-said situations

Assessed type

Invalid Validation
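One way to apply the mitigation the report asks for, as an added example that is not Canto's code: a constructed in-memory stand-in for the module's KVStore whose setter rejects a zero, maximal, colliding or out-of-order sequence before anything is written. `PoolStore`, `NewPoolStore`, `ValidateSequence` and `SetPool` are hypothetical names, not the keeper's own API.

```go
package main

import (
	"errors"
	"math"
)

var ErrZeroSequence = errors.New("pool sequence must be non-zero")
var ErrSequenceTooBig = errors.New("pool sequence out of range")
var ErrPoolExists = errors.New("pool sequence already in use")
var ErrSequenceGap = errors.New("pool sequence is not the next expected value")

// PoolStore is a constructed in-memory stand-in for the module's KVStore (not
// Canto's keeper). Pools are keyed by sequence; nextSeq is the next free one.
type PoolStore struct {
	pools   map[uint64]string
	nextSeq uint64
}

func NewPoolStore() *PoolStore {
	return &PoolStore{pools: map[uint64]string{}, nextSeq: 1}
}

// ValidateSequence rejects the values the report lists (0, the max value, a
// collision with an existing pool) and anything but the next expected value.
func (s *PoolStore) ValidateSequence(seq uint64) error {
	switch {
	case seq == 0:
		return ErrZeroSequence
	case seq == math.MaxUint64:
		return ErrSequenceTooBig
	}
	if _, exists := s.pools[seq]; exists {
		return ErrPoolExists
	}
	if seq != s.nextSeq {
		return ErrSequenceGap
	}
	return nil
}

// SetPool writes the pool only after its sequence passes validation.
func (s *PoolStore) SetPool(seq uint64, poolID string) error {
	if err := s.ValidateSequence(seq); err != nil {
		return err
	}
	s.pools[seq] = poolID
	s.nextSeq = seq + 1
	return nil
}
```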

JeffCX commented 1 year ago

Insufficient Proof and lack of clearly described impact

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Invalid