In the protocol, the addLiquidity function includes a guard to prevent price manipulation.
However, the removeLiquidity function lacks this protection. It only restricts the amount of tokenWithdrawCoin without considering the remaining liquidity in the pool.
An attacker can exploit this by adding liquidity and then removing most of it, leaving a small amount of liquidity in the pool, and donating tokens to the pool to manipulate the price of the token pair.
Impact
Price manipulation
Recommended Mitigation
The remaining liquidity in the pool should be checked when removing liquidity.
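A minimal sketch of the recommended check, added here as an illustration and not taken from the Canto coinswap keeper. The `Pool` type, the `minRemaining` parameter and the choice to allow a full exit are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// Pool is a constructed two-asset pool model, not the coinswap keeper's own type.
type Pool struct {
	Standard uint64 // reserve of the standard coin
	Token    uint64 // reserve of the paired token
	Shares   uint64 // liquidity shares outstanding
}

var (
	ErrBadShares       = errors.New("invalid share amount")
	ErrRemainingTooLow = errors.New("remaining liquidity below minimum")
)

// proRata returns reserve*shares/total without overflowing 64 bits.
// Callers guarantee 0 < shares <= total, so the quotient fits in a uint64.
func proRata(reserve, shares, total uint64) uint64 {
	hi, lo := bits.Mul64(reserve, shares)
	q, _ := bits.Div64(hi, lo, total)
	return q
}

// RemoveLiquidity burns shares pro rata. minRemaining (hypothetical parameter)
// is the floor on the standard-coin reserve that a partial exit must leave.
// Assumption: a full exit (reserve to zero) is permitted.
func RemoveLiquidity(p *Pool, shares, minRemaining uint64) (std, tok uint64, err error) {
	if shares == 0 || shares > p.Shares {
		return 0, 0, ErrBadShares
	}
	std = proRata(p.Standard, shares, p.Shares)
	tok = proRata(p.Token, shares, p.Shares)
	if rem := p.Standard - std; rem != 0 && rem < minRemaining {
		return 0, 0, ErrRemainingTooLow // pool state is left untouched
	}
	p.Standard -= std
	p.Token -= tok
	p.Shares -= shares
	return std, tok, nil
}

func main() {
	// Constructed sample pool.
	p := &Pool{Standard: 1_000_000, Token: 2_000_000, Shares: 1_000_000}
	_, _, err := RemoveLiquidity(p, 999_999, 10_000) // would leave 1 unit behind
	fmt.Println(err)
	fmt.Println(RemoveLiquidity(p, 500_000, 10_000)) // leaves 500000, accepted
}
```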
Lines of code
https://github.com/code-423n4/2024-05-canto/blob/d1d51b2293d4689f467b8b1c82bba84f8f7ea008/canto-main/x/coinswap/keeper/keeper.go#L253-L320
Assessed type
Other