The functions calculateWithExactInput and calculateWithExactOutput continue executing even if the reserves are 0.
Proof of Concept
The functions do check that the reserves are not negative. However, they do not check whether they are 0, so execution continues and the math is done with zeros (there is a k/0 which could revert the execution).
Tools Used
Manual analysis
Recommended Mitigation Steps
Add a check for the reserves being 0, like you did for the negative values with if !inputReserve.IsPositive() and if !outputReserve.IsPositive().
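One way to express the zero-reserve guard recommended above, as an added example that is not the Canto coinswap code: it uses Go's math/big and a generic fee-less constant-product formula, and all function and error names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var (
	ErrInvalidReserve = errors.New("reserve must be greater than zero")
	ErrInvalidAmount  = errors.New("amount must be greater than zero")
	ErrInsufficient   = errors.New("output exceeds available reserve")
)

// positive is true only for values > 0, so zero is rejected along with negatives.
func positive(v *big.Int) bool { return v != nil && v.Sign() > 0 }

// ExactInputQuote: out = in*outputReserve / (inputReserve+in), rounded down.
// Assumed fee-less constant-product formula, not the audited module's.
func ExactInputQuote(in, inputReserve, outputReserve *big.Int) (*big.Int, error) {
	if !positive(inputReserve) || !positive(outputReserve) {
		return nil, ErrInvalidReserve
	}
	if !positive(in) {
		return nil, ErrInvalidAmount
	}
	num := new(big.Int).Mul(in, outputReserve)
	return num.Quo(num, new(big.Int).Add(inputReserve, in)), nil
}

// ExactOutputQuote: in = inputReserve*out / (outputReserve-out) + 1.
func ExactOutputQuote(out, inputReserve, outputReserve *big.Int) (*big.Int, error) {
	if !positive(inputReserve) || !positive(outputReserve) {
		return nil, ErrInvalidReserve
	}
	if !positive(out) {
		return nil, ErrInvalidAmount
	}
	if out.Cmp(outputReserve) >= 0 { // denominator would be zero or negative
		return nil, ErrInsufficient
	}
	num := new(big.Int).Mul(inputReserve, out)
	num.Quo(num, new(big.Int).Sub(outputReserve, out))
	return num.Add(num, big.NewInt(1)), nil
}

func main() {
	fmt.Println(ExactInputQuote(big.NewInt(100), big.NewInt(0), big.NewInt(1000)))
}
```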
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L48-L59
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L139-L150
Assessed type
Invalid Validation