init() will always be overriden, meaning only one token is allowed.
Proof of Concept
pub fn create_pool_D650_E2_D0 in lib.rs contract calls self.pools.setter(pool).init(price, fee, tick_spacing, max_liquidity_per_tick)?; with the pool being the token address. When init is called, the function checks that the sqrt_price is not set and revert otherwise.
init() can only be called one time.
#[allow(non_snake_case)]
pub fn create_pool_D650_E2_D0(
&mut self,
pool: Address,
price: U256,
fee: u32,
tick_spacing: u8,
max_liquidity_per_tick: u128,
) -> Result<(), Revert> {
assert_eq_or!(
msg::sender(),
self.seawater_admin.get(),
Error::SeawaterAdminOnly
);
self.pools
.setter(pool)
.init(price, fee, tick_spacing, max_liquidity_per_tick)?;
// get the decimals for the asset so we can log it's decimals for the indexer
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/lib.rs#L999-L1016
Vulnerability details
Impact
init() will always be overriden, meaning only one token is allowed.
Proof of Concept
pub fn create_pool_D650_E2_D0 in lib.rs contract calls
self.pools.setter(pool).init(price, fee, tick_spacing, max_liquidity_per_tick)?;
with the pool being the token address. When init is called, the function checks that thesqrt_price
is not set and revert otherwise.init()
can only be called one time.Recommended Mitigation Steps
Recommend having different pool contracts.
Assessed type
Other