code-423n4 / 2024-08-superposition-validation


only 1 token is supported in the unified liquidity pool #231

Closed c4-bot-3 closed 1 month ago

c4-bot-3 commented 1 month ago

Lines of code

https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/seawater/src/lib.rs#L999-L1016

Vulnerability details

Impact

init() will always be overridden, meaning only one token is allowed.

Proof of Concept

pub fn create_pool_D650_E2_D0 in the lib.rs contract calls self.pools.setter(pool).init(price, fee, tick_spacing, max_liquidity_per_tick)?; with the pool being the token address. When init is called, the function checks that the sqrt_price is not set and reverts otherwise.

init() can only be called one time.

    #[allow(non_snake_case)]
    pub fn create_pool_D650_E2_D0(
        &mut self,
        pool: Address,
        price: U256,
        fee: u32,
        tick_spacing: u8,
        max_liquidity_per_tick: u128,
    ) -> Result<(), Revert> {
        assert_eq_or!(
            msg::sender(),
            self.seawater_admin.get(),
            Error::SeawaterAdminOnly
        );

        self.pools
            .setter(pool)
            .init(price, fee, tick_spacing, max_liquidity_per_tick)?;

        // get the decimals for the asset so we can log its decimals for the indexer
        // ... (excerpt truncated)
    }

    pub fn init(
        &mut self,
        price: U256,
        fee: u32,
        tick_spacing: u8,
        max_liquidity_per_tick: u128,
    ) -> Result<(), Revert> {
        assert_eq_or!(
            self.sqrt_price.get(),
            U256::ZERO,
            Error::PoolAlreadyInitialised
        );
        // ... (excerpt truncated)
    }

Recommended Mitigation Steps

Recommend having different pool contracts.

Assessed type

Other
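The sqrt_price guard quoted in the report can be checked against two storage layouts. This is an added example, not code from the report or from the project. The report does not show how `pools` is declared, so both a per-address layout and a single shared record are modelled. The types `KeyedPools` and `SharedPool`, the `u128` price and the byte-array `Address` are hypothetical stand-ins.

```rust
use std::collections::HashMap;

// Stand-ins (assumptions): the contract itself uses Address and U256 types.
type Address = [u8; 20];

#[derive(Debug, PartialEq)]
enum Error { PoolAlreadyInitialised }

#[derive(Default)]
struct Pool { sqrt_price: u128 } // zero means "not initialised"

impl Pool {
    // Same once-only guard as the quoted init(): reject if sqrt_price is set.
    fn init(&mut self, price: u128) -> Result<(), Error> {
        if self.sqrt_price != 0 {
            return Err(Error::PoolAlreadyInitialised);
        }
        self.sqrt_price = price;
        Ok(())
    }
}

// Model A (hypothetical): setter(pool) resolves to one record per address.
#[derive(Default)]
struct KeyedPools { pools: HashMap<Address, Pool> }

impl KeyedPools {
    fn create_pool(&mut self, pool: Address, price: u128) -> Result<(), Error> {
        self.pools.entry(pool).or_default().init(price)
    }
}

// Model B (hypothetical): every address resolves to the same shared record.
#[derive(Default)]
struct SharedPool { pool: Pool }

impl SharedPool {
    fn create_pool(&mut self, _pool: Address, price: u128) -> Result<(), Error> {
        self.pool.init(price)
    }
}

fn main() {
    let (a, b): (Address, Address) = ([0xAA; 20], [0xBB; 20]); // constructed addresses
    let (mut keyed, mut shared) = (KeyedPools::default(), SharedPool::default());
    let k = [keyed.create_pool(a, 1), keyed.create_pool(b, 1), keyed.create_pool(a, 2)];
    let s = [shared.create_pool(a, 1), shared.create_pool(b, 1)];
    println!("keyed:  {:?}\nshared: {:?}", k, s);
}
```

Which model applies to the contract depends on the declared type of `pools` in lib.rs, which the report does not quote.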