code-423n4 / 2023-06-canto-findings


users being overcharged or not receiving the full amount of coins as they expected caused by the incorrect calculation of the amount of coins bought #77

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L225

Vulnerability details

Impact

In the GetInputPrice function there is a line, inputAmtWithFee := inputAmt.Mul(sdk.NewIntFromBigInt(deltaFee.BigInt())), that causes a problem. In that line the sdk.NewIntFromBigInt function takes a big.Int as an argument, but the deltaFee variable is an sdk.Dec. Since sdk.Dec is a type alias for big.Rat, we can't directly pass it to sdk.NewIntFromBigInt. Instead, we need to convert it to a big.Int first. The problem is that if we do not convert the deltaFee variable to a big.Int, the sdk.NewIntFromBigInt function will fail and the GetInputPrice function will return an incorrect value. This incorrect value could lead to users being charged more than they expected, or not receiving the full amount of coins that they were expecting. Here is a summary of this bug:

Assessed type

Other
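Added example, not part of the report or of the Canto code: a standard-library Go model for checking the arithmetic around the quoted line against an exact rational reference. It assumes sdk.Dec is an 18-decimal fixed-point value whose BigInt() returns the integer scaled by 10^18 and that the denominator carries the same scale (the rest of the function is not shown on this page); the function names and pool values are constructed.

```go
package main

import (
	"fmt"
	"math/big"
)

// precision mirrors the 18 decimal places assumed for sdk.Dec in this model.
const precision = 18

var scale = new(big.Int).Exp(big.NewInt(10), big.NewInt(precision), nil)

// decRaw returns num/den as a fixed-point integer scaled by 10^18, i.e. the
// value this model assumes deltaFee.BigInt() would hand back.
func decRaw(num, den int64) *big.Int {
	r := new(big.Int).Mul(big.NewInt(num), scale)
	return r.Quo(r, big.NewInt(den))
}

// scaledInputPrice follows the reported line: the input amount is multiplied
// by the raw scaled integer of (1 - fee). The denominator scaling is an
// assumption; that part of the function is not shown on the page.
func scaledInputPrice(inputAmt, inputReserve, outputReserve, feeRaw *big.Int) *big.Int {
	deltaFee := new(big.Int).Sub(scale, feeRaw)
	inputAmtWithFee := new(big.Int).Mul(inputAmt, deltaFee)
	numerator := new(big.Int).Mul(inputAmtWithFee, outputReserve)
	denominator := new(big.Int).Mul(inputReserve, scale)
	denominator.Add(denominator, inputAmtWithFee)
	return numerator.Quo(numerator, denominator)
}

// exactInputPrice computes floor(x*(1-f)*Y / (X + x*(1-f))) with big.Rat as
// an independent reference that never touches the scaled representation.
func exactInputPrice(inputAmt, inputReserve, outputReserve *big.Int, fee *big.Rat) *big.Int {
	delta := new(big.Rat).Sub(big.NewRat(1, 1), fee)
	in := new(big.Rat).Mul(new(big.Rat).SetInt(inputAmt), delta)
	num := new(big.Rat).Mul(in, new(big.Rat).SetInt(outputReserve))
	den := new(big.Rat).Add(new(big.Rat).SetInt(inputReserve), in)
	q := new(big.Rat).Quo(num, den)
	return new(big.Int).Quo(q.Num(), q.Denom())
}

func main() {
	// Constructed sample pool: 0.3% fee, reserves 1,000,000 / 2,000,000, input 10,000.
	x, X, Y := big.NewInt(10_000), big.NewInt(1_000_000), big.NewInt(2_000_000)
	fmt.Println(scaledInputPrice(x, X, Y, decRaw(3, 1000)), exactInputPrice(x, X, Y, big.NewRat(3, 1000)))
}
```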

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

JeffCX commented 1 year ago

Lack of proof and overinflated severity

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality