Open hats-bug-reporter[bot] opened 7 months ago
Please provide a PoC reproducing the issue. While doing it, I think you will realise this isn't the case.
psp22_transfer_from takes the following arguments:
Here we do the following:
Pair
Pair contract
These are LP tokens which are being burnt for the underlying tokens.
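An added example, not part of the thread and not the project's code: a simplified Rust model of the flow the comment above describes, assuming a Uniswap-V2-style design in which the pair contract is itself the LP token. All names (`Pair`, `transfer_from`, `burn`, `remove_liquidity`, the account labels and balances) are hypothetical and constructed for illustration.

```rust
use std::collections::HashMap;
type Acct = &'static str;
type Payout = Result<(u128, u128), &'static str>;
// Hypothetical model: the pair contract is itself the LP-token ledger.
#[derive(Default)]
struct Pair {
    lp: HashMap<Acct, u128>,                // LP-token balances
    allowance: HashMap<(Acct, Acct), u128>, // (owner, spender) -> amount
    total_lp: u128,
    reserves: (u128, u128), // underlying tokens held by the pair
}
impl Pair {
    // Stand-in for psp22_transfer_from invoked on the LP token (the pair).
    fn transfer_from(&mut self, spender: Acct, from: Acct, to: Acct, value: u128) -> Result<(), &'static str> {
        let allowed = self.allowance.entry((from, spender)).or_default();
        if *allowed < value { return Err("InsufficientAllowance"); }
        let balance = self.lp.entry(from).or_default();
        if *balance < value { return Err("InsufficientBalance"); }
        *allowed -= value;
        *balance -= value;
        *self.lp.entry(to).or_default() += value;
        Ok(())
    }
    // Burns the LP tokens the pair holds and releases the pro-rata reserves.
    fn burn(&mut self) -> (u128, u128) {
        let liquidity = self.lp.remove("pair").unwrap_or(0);
        let (r0, r1) = self.reserves;
        let out = (liquidity * r0 / self.total_lp, liquidity * r1 / self.total_lp);
        self.total_lp -= liquidity;
        self.reserves = (r0 - out.0, r1 - out.1);
        out
    }
}

// Router step: move the caller's LP tokens into the pair, then burn them.
fn remove_liquidity(pair: &mut Pair, caller: Acct, liquidity: u128) -> Payout {
    pair.transfer_from("router", caller, "pair", liquidity)?;
    Ok(pair.burn())
}

// Constructed scenario: alice owns 100 of 400 LP tokens and approved the router.
fn demo() -> (Payout, Payout, u128) {
    let mut pair = Pair { total_lp: 400, reserves: (4_000, 8_000), ..Default::default() };
    pair.lp.insert("alice", 100);
    pair.allowance.insert(("alice", "router"), 1_000);
    let first = remove_liquidity(&mut pair, "alice", 100);
    let second = remove_liquidity(&mut pair, "alice", 100); // her LP tokens are gone
    (first, second, pair.total_lp)
}
fn main() { println!("{:?}", demo()); }
```

In this model the first call pays out the pro-rata share and the second call fails on the LP-token balance check, because the tokens moved into the pair were burnt.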
Thank you for participation. After carefully reviewing the submission we've concluded that this issue is INVALID.
We hope you participate in the future audits of ink!.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xb9811c25bdf84fb491abe51a4f0bf2f4cab7c1139a3f7a159f47b116f9ef376a
Severity: high
Description:
Vulnerability Report
Description
While removing the liquidity, an incorrect token address is used to transfer the token from the user to the pair contract.
Attack Scenario
The actual liquidity will not be removed. After adding the liquidity, the attacker can call the remove liquidity function continuously and withdraw their deposits.
Also, this might lead to a situation where the liquidity cannot be removed.
Attachments
https://github.com/Cardinal-Cryptography/common-amm/blob/bf4e48e3257894dcc8e6ab359321d1406533ad8b/amm/contracts/router/lib.rs#L297-L329
Update the following line of code:
https://github.com/Cardinal-Cryptography/common-amm/blob/bf4e48e3257894dcc8e6ab359321d1406533ad8b/amm/contracts/router/lib.rs#L311
Here, for token, use the psp22, which is the token that is minted when adding the liquidity.