code-423n4 / 2023-06-canto-findings


An error could lead to coins not being returned to user #58

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L26

Vulnerability details

Impact

The function swapCoins does check that SendCoins receives them correctly here, but not when sending them to the user here.

Proof of Concept

If there is an error returning the swapped coins to the user, they will remain locked. There is no history of swaps which could be used to retrieve the lost funds, so there is no way to take them back upon an error.

Tools Used

Manual analysis

Recommended Mitigation Steps

Follow the same approach as in receiving the coins (the if-err-nil and all of that).

Assessed type

Token-Transfer
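The pattern reported above, as an added example that is not the Canto code and not part of the original report: a swap that checks the inbound SendCoins error but discards the payout error, next to the variant that propagates it. The Ledger type, the "blocked" address, the amounts and runTx are hypothetical; runTx assumes a simplified transaction model in which a handler's writes are kept only when it returns nil.

```go
package main

import "fmt"

// Ledger is a constructed stand-in for a bank module: address -> denom -> amount.
type Ledger map[string]map[string]int64

// SendCoins fails for the hypothetical address "blocked" or on insufficient funds.
func (l Ledger) SendCoins(from, to, denom string, amt int64) error {
	if to == "blocked" || l[from][denom] < amt {
		return fmt.Errorf("send %d%s to %s failed", amt, denom, to)
	}
	if l[to] == nil {
		l[to] = map[string]int64{}
	}
	l[from][denom] -= amt
	l[to][denom] += amt
	return nil
}

// swapUnchecked checks the inbound transfer but discards the payout error.
func swapUnchecked(l Ledger, to string) error {
	if err := l.SendCoins("user", "pool", "in", 10); err != nil {
		return err
	}
	_ = l.SendCoins("pool", to, "out", 5) // failure is invisible to the caller
	return nil
}

// swapChecked applies the same err != nil handling to the payout.
func swapChecked(l Ledger, to string) error {
	if err := l.SendCoins("user", "pool", "in", 10); err != nil {
		return err
	}
	return l.SendCoins("pool", to, "out", 5)
}

// runTx keeps a swap's writes only if it returns nil (assumed transaction model).
func runTx(swap func(Ledger, string) error, to string) (Ledger, error) {
	work := Ledger{"user": {"in": 10}, "pool": {"out": 5}}
	if err := swap(work, to); err != nil {
		return Ledger{"user": {"in": 10}, "pool": {"out": 5}}, err // writes discarded
	}
	return work, nil
}

func main() {
	fmt.Println(runTx(swapUnchecked, "blocked"))
	fmt.Println(runTx(swapChecked, "blocked"))
}
```

With the unchecked variant the transaction succeeds while the pool holds the user's input and the output was never delivered; with the checked variant the error reaches the caller and the input transfer is not kept.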

c4-pre-sort commented 1 year ago

JeffCX marked the issue as duplicate of #5

c4-pre-sort commented 1 year ago

JeffCX marked the issue as duplicate of #80

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean changed the severity to 2 (Med Risk)