Lines of code
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/Canto/x/onboarding/keeper/ibc_callbacks.go#L28
Vulnerability details
Impact
If the swap fails and the ERC20 tokens are sent to Canto (the process is non-atomic), user funds can be lost.
Proof of Concept
If the swap fails on this project and the ERC20 tokens are transferred to Canto, and the recipient address is a smart contract that operates with a push pattern, the sender cannot claim ownership of the transferred ERC20 tokens. Therefore, the recipient should not be a contract address; it must be an EOA (Externally Owned Account).
Tools Used
Manual review
Recommended Mitigation Steps
The code can check the recipient's code size. If the code size is != 0, meaning the recipient is a contract account, it must revert.
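The recipient check recommended above, as an added Go example (not code from the Canto repository or from this report): `Account`, `AccountReader` and `memState` are hypothetical stand-ins for the chain's EVM state lookup, and the sample accounts are constructed. It assumes a contract account is recognized by a code hash that differs from the Keccak-256 hash of empty bytecode, which is equivalent to code size != 0.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
)

// Keccak-256 of empty bytecode: the code hash of any account with code size 0.
var emptyCodeHash, _ = hex.DecodeString("c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470")

var ErrRecipientIsContract = errors.New("recipient is a contract account")

// Account and AccountReader are hypothetical stand-ins for the EVM state lookup.
type Account struct{ CodeHash []byte }
type AccountReader interface {
	GetAccount(addr [20]byte) *Account // nil when the address has no account yet
}

// IsContract reports whether code is deployed at addr at the time of the call.
// Limitation: an address that receives code after this check still passes it.
func IsContract(r AccountReader, addr [20]byte) bool {
	acct := r.GetAccount(addr)
	return acct != nil && len(acct.CodeHash) > 0 && !bytes.Equal(acct.CodeHash, emptyCodeHash)
}

// CheckRecipient returns an error for contract recipients so the caller can
// reject the transfer before any tokens are moved.
func CheckRecipient(r AccountReader, addr [20]byte) error {
	if IsContract(r, addr) {
		return fmt.Errorf("%w: 0x%x", ErrRecipientIsContract, addr[:])
	}
	return nil
}

// memState is constructed sample state, not real chain data.
type memState map[[20]byte]*Account

func (m memState) GetAccount(a [20]byte) *Account { return m[a] }

func sampleState() (st memState, eoa, fresh, contract [20]byte) {
	eoa[19], fresh[19], contract[19] = 1, 2, 3 // fresh has no account entry at all
	st = memState{eoa: {CodeHash: emptyCodeHash}, contract: {CodeHash: bytes.Repeat([]byte{0xab}, 32)}}
	return
}

func main() {
	st, eoa, fresh, contract := sampleState()
	fmt.Println(CheckRecipient(st, eoa), CheckRecipient(st, fresh), CheckRecipient(st, contract))
}
```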
Assessed type
ERC20