The 'require' statement commented posses attack by malicious contract.
The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so as to follow the Governance guidelines.
Lines of code
https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L66 https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L75
Vulnerability details
Impact
The 'require' statement commented posses attack by malicious contract.
The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so as to follow the Governance guidelines.
Proof of Concept
Governance ERROR: SLoC - #66 AND #75
CONTRACT NAME: LiquidityMiningPath.sol Contract link: https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol LINE OF CODE: SLoC #66 // require(msg.sender == governance, "Only callable by governance"); SLoC #75 // require(msg.sender == governance, "Only callable by governance");
Tools Used
Manual review
Recommended Mitigation Steps
Uncomment the require statements for governance control if that's part of your contract's design.
Assessed type
Governance