The condition says that if exactBoughtCoin is greater than or equal to outputReserve, then the call fails. But in my opinion, the call should be allowed if the two amounts are equal.
(Maybe there are other reasons why we use GTE but it wasnt evident to me)
Lines of code
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/swap.go#L145
Vulnerability details
Impact
The condition says that if
exactBoughtCoin
is greater than or equal tooutputReserve
, then the call fails. But in my opinion, the call should be allowed if the two amounts are equal. (Maybe there are other reasons why we useGTE
but it wasnt evident to me)Code reference
https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/swap.go#L145
Tools Used
Manual review
Recommended Mitigation Steps
Use
GT
instead ofGTE
Assessed type
Other