code-423n4 / 2023-06-canto-findings

Almost all of the github.com/cosmos/cosmos-sdk/types will be deprecated #84

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/types/params.go#L15
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/types/params.go#L6
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/coinswap/keeper/swap.go#L5
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/go.mod#L7

Vulnerability details

Impact

Code in the scope won't work if https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/go.mod#L7C1-L7C38 is updated.

Proof of Concept

It is clearly seen that in https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/go.mod#L7C1-L7C38 it is fixed at version v0.45.9. However, in the next version of cosmos-sdk, https://pkg.go.dev/github.com/cosmos/cosmos-sdk@v0.46.0/types#Int, all of the Int methods will be deprecated.

Almost all of the code in the scope is in danger.

Tools Used

Manual review.

Recommended Mitigation Steps

Use native functions to do the same things or use another package to do the same thing.

Assessed type

Library

c4-pre-sort commented 1 year ago

JeffCX marked the issue as primary issue

c4-pre-sort commented 1 year ago

JeffCX marked the issue as low quality report

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality