It is stated in the README that some spend limit are configured for the swaps.
This is a security precaution to avoid spending too much tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens.
As a default, this spend limit should be ~10$ for all tokens.
The inital tokens than can be bridged on Canto are USDC, USDT, and ETH, and so their respective spending limit should be 10, 10, 0.01 (~= 19$)
In the current implementation of the code, this spend limit is fetched from calling the GetMaximumSwapAmount function at the time of swaps.
The default swap limit is set in the params.go and as we can see, it's correct for the USDC and USDT (according to their 6 decimals in all EVM chains), but not for ETH.
Indeed, the DefaultMaxSwapAmount for ETH is set initially at 1e17, which equals 0.1 ETH.
Intially, the expected value should have been about 10$ for each asset, but here it's about 190$, which is far more than expected (20x).
The impact is that if in the future, the CANTO price goes up and that some ETH are bridged to onboard a new user, then it may swap much more than the expected 0.01 ETH, and may swap up to 0.1 ETH before aborting the swap operation.
Tools Used
Manual inspection
Recommended Mitigation Steps
Update the DefaultMaxSwapAmount to have a default for ETH at 0.01 ETH
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/swap.go#L210 https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/types/params.go#L31-L35
Vulnerability details
Impact
It is stated in the
README
that some spend limit are configured for the swaps. This is a security precaution to avoid spending too much tokens for the default 4CANTO
tokens in order to onboard the users if their balance is less than 4 tokens.As a default, this spend limit should be ~10$ for all tokens. The inital tokens than can be bridged on Canto are
USDC
,USDT
, andETH
, and so their respective spending limit should be10
,10
,0.01
(~= 19$)In the current implementation of the code, this spend limit is fetched from calling the
GetMaximumSwapAmount
function at the time of swaps.The default swap limit is set in the
params.go
and as we can see, it's correct for theUSDC
andUSDT
(according to their 6 decimals in all EVM chains), but not forETH
. Indeed, theDefaultMaxSwapAmount
forETH
is set initially at 1e17, which equals 0.1 ETH.Intially, the expected value should have been about 10$ for each asset, but here it's about 190$, which is far more than expected (20x).
The impact is that if in the future, the
CANTO
price goes up and that someETH
are bridged to onboard a new user, then it may swap much more than the expected0.01
ETH, and may swap up to0.1
ETH before aborting the swap operation.Tools Used
Manual inspection
Recommended Mitigation Steps
Update the
DefaultMaxSwapAmount
to have a default forETH
at 0.01ETH
Assessed type
Decimal