code-423n4 / 2023-10-canto-findings


require statement commented poses attack by malicious contract #271

Closed c4-submissions closed 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L66

https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L75

Vulnerability details

Impact

The 'require' statement commented poses attack by malicious contract.

The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so as to follow the Governance guidelines.

Proof of Concept

Governance ERROR: SLoC - #66 AND #75

CONTRACT NAME: LiquidityMiningPath.sol

Contract link: https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol

LINE OF CODE:

SLoC #66 // require(msg.sender == governance, "Only callable by governance");

SLoC #75 // require(msg.sender == governance, "Only callable by governance");

Tools Used

Manual review

Recommended Mitigation Steps

Uncomment the require statements for governance control if that's part of your contract's design.

Assessed type

Governance
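
The manual check described in this report can be automated for review triage. The following is an added example, not part of the original submission or the audited repository: a scanner that flags line-commented `require(msg.sender == ...)` checks and names the enclosing function. The sample contract, its function names and the helper name `find_commented_auth_checks` are constructed for illustration.

```python
import re

# A line-commented require whose condition compares msg.sender, e.g.
#   // require(msg.sender == governance, "Only callable by governance");
COMMENTED_AUTH = re.compile(
    r'^\s*//\s*require\s*\(\s*msg\.sender\s*[=!]=\s*(\w+)'
)
FUNC_DECL = re.compile(r'\bfunction\s+(\w+)\s*\(')


def find_commented_auth_checks(source):
    """Return (line_no, function_name, compared_identifier) per disabled check."""
    findings = []
    current_fn = None
    for line_no, line in enumerate(source.splitlines(), start=1):
        decl = FUNC_DECL.search(line)
        # Ignore function declarations that are themselves commented out.
        if decl and not line.lstrip().startswith("//"):
            current_fn = decl.group(1)
        hit = COMMENTED_AUTH.match(line)
        if hit:
            findings.append((line_no, current_fn, hit.group(1)))
    return findings


# Constructed sample, NOT the audited contract; names are hypothetical.
SAMPLE = '''\
contract ExamplePath {
    address governance;
    uint256 rateA;
    uint256 rateB;

    function setRateA(uint256 rate) public {
        // require(msg.sender == governance, "Only callable by governance");
        rateA = rate;
    }

    function setRateB(uint256 rate) public {
        require(msg.sender == governance, "Only callable by governance");
        rateB = rate;
    }
}
'''

if __name__ == "__main__":
    for line_no, fn, ident in find_commented_auth_checks(SAMPLE):
        print(f"line {line_no}: disabled msg.sender == {ident} check in {fn}()")
```

A hit is a prompt for review rather than a confirmed finding: the reviewer still has to establish whether the function is reachable by an unprivileged caller or whether authorization is enforced somewhere else in the call path.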

c4-pre-sort commented 11 months ago

141345 marked the issue as duplicate of #4

c4-pre-sort commented 11 months ago

141345 marked the issue as sufficient quality report

c4-judge commented 11 months ago

dmvt marked the issue as unsatisfactory: Invalid