Users being overcharged or not receiving the full amount of coins they expected, caused by the incorrect calculation of the amount of coins bought #77
In the GetInputPrice function there is a line inputAmtWithFee := inputAmt.Mul(sdk.NewIntFromBigInt(deltaFee.BigInt())) that causes a problem. In that line, the sdk.NewIntFromBigInt function takes a big.Int as an argument, but the deltaFee variable is a sdk.Dec. Since sdk.Dec is a type alias for big.Rat, we can't directly pass it to sdk.NewIntFromBigInt. Instead, we need to convert it to a big.Int first. The problem is that if we do not convert the deltaFee variable to a big.Int, the sdk.NewIntFromBigInt function will fail and the GetInputPrice function will return an incorrect value. This incorrect value could lead to users being charged more than they expected, or not receiving the full amount of coins that they were expecting.
Here is a summary of this bug:
The deltaFee variable is a sdk.Dec, but the sdk.NewIntFromBigInt function takes a *big.Int as an argument, so the problem is caused by this mismatch.
A malicious user could exploit this problem to overcharge or underpay for coins.
Proof of Concept
Here is a scenario that can happen if someone exploits this:
The user inputs the amount of coins that they want to buy, which is 100 coins.
The code calculates the amount of coins that the user should be charged, but it does not convert the deltaFee variable to a *big.Int.
The sdk.NewIntFromBigInt function fails because the deltaFee variable is not a *big.Int.
The GetInputPrice function returns an incorrect value.
The user is charged more than they expected, or they do not receive the full amount of coins that they were expecting.
Tools Used
VS Code
manual review
Recommended Mitigation Steps
The problem can be corrected by converting the deltaFee variable to a *big.Int before passing it to the sdk.NewIntFromBigInt function.
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L225
Assessed type
Other