Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/pool.go#L157
Vulnerability details
Impact
There is no way to check that the sequence parameter is indeed a correct one
Proof of Concept
It is passed straight to a function that modifies the KVStore's pools without being checked, so it could be any value (e.g. 0, 0xFFFFFF..., a non-existent pool sequence, a collision with an existing one...)
Tools Used
Manual analysis
Recommended Mitigation Steps
Sanitize that parameter against the situations described above
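One way to apply the checks listed above before any state is written, as an added example that is not the project's code. It assumes a uint64 sequence and a monotonically increasing counter; `Pool`, `poolStore`, `SetPool` and the error names are hypothetical, and an in-memory map stands in for the KVStore.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Pool and poolStore are hypothetical stand-ins for the module's pool type and KVStore.
type Pool struct{ ID uint64 }

type poolStore struct {
	pools   map[uint64]Pool
	nextSeq uint64 // assumption: sequences are issued by an increasing counter
}

var (
	ErrZeroSequence     = errors.New("sequence must be non-zero")
	ErrSequenceOverflow = errors.New("sequence is the maximum value; the counter would wrap")
	ErrSequenceTaken    = errors.New("sequence collides with an existing pool")
	ErrSequenceGap      = errors.New("sequence was never issued by the counter")
)

// SetPool rejects each case the report lists before touching the store.
func (s *poolStore) SetPool(seq uint64) error {
	_, exists := s.pools[seq]
	switch {
	case seq == 0:
		return ErrZeroSequence
	case seq == math.MaxUint64:
		return ErrSequenceOverflow
	case exists:
		return ErrSequenceTaken
	case seq != s.nextSeq:
		return ErrSequenceGap
	}
	s.pools[seq] = Pool{ID: seq} // state changes only after every check passes
	s.nextSeq = seq + 1
	return nil
}

func main() {
	s := &poolStore{pools: map[uint64]Pool{}, nextSeq: 1}
	for _, seq := range []uint64{0, math.MaxUint64, 1, 1, 5, 2} { // constructed inputs
		fmt.Printf("seq=%d err=%v\n", seq, s.SetPool(seq))
	}
}
```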
Assessed type
Invalid Validation