Open hats-bug-reporter[bot] opened 6 days ago
Github username: -- Twitter username: -- Submission hash (on-chain): 0x1a888657129021902f001539b564f2eacd4daaf9e8401c87b31e6812b6c41dad Severity: low
Description: In StableSwapThreePoolDeployer.createSwapPair, only `_tokenA` and `_tokenB` are checked in StableSwapThreePoolDeployer.sol#L65; `_tokenC` is not validated.
```solidity
55     function createSwapPair(
56         address _tokenA,
57         address _tokenB,
58         address _tokenC,
59         uint256 _A,
60         uint256 _fee,
61         uint256 _admin_fee,
62         address _admin,
63         address _LP
64     ) external onlyOwner whenNotPaused returns (address) {
65         require(_tokenA != address(0) && _tokenB != address(0) && _tokenA != _tokenB, "Illegal token"); // <<<--- _tokenC is not checked here
66         (address t0, address t1, address t2) = sortTokens(_tokenA, _tokenB, _tokenC);
67         address[N_COINS] memory coins = [t0, t1, t2];
68         // create swap contract
69         bytes memory bytecode = type(StableSwapThreePool).creationCode;
70         bytes32 salt = keccak256(abi.encodePacked(t0, t1, t2, msg.sender, block.timestamp, block.chainid));
71         address swapContract;
72         assembly {
73             swapContract := create2(0, add(bytecode, 32), mload(bytecode), salt)
74         }
75         StableSwapThreePool(swapContract).initialize(coins, _A, _fee, _admin_fee, _admin, _LP);
76
77         return swapContract;
78     }
```
Attack Scenario: Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
The addresses were previously checked at contract `StableSwapFactory` in `createThreePoolPair()`
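The following is an added example, not code from the PancakeSwap/StableSwap repository, showing what the missing `_tokenC` validation from the report above would look like if the deployer applied the same two properties (non-zero, pairwise distinct) to all three tokens, regardless of whether the factory already checks them upstream (the comment above says it does; the deployer's `createSwapPair` is still `onlyOwner` and can be called directly by whoever owns it). The contract names, the `validateTokens` helper and the small self-test contract are assumptions introduced for illustration; `sortTokens`, the pool contract and the `create2` deployment are deliberately not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not the project's code): a minimal stand-in for the
// deployer's input validation, extended to cover _tokenC as well as
// _tokenA and _tokenB. Everything else in createSwapPair is omitted.
contract ThreePoolInputCheck {
    // Hypothetical helper. The first require is the original check from
    // StableSwapThreePoolDeployer.sol#L65, unchanged; the second and third
    // are the checks the report says are missing for _tokenC.
    function validateTokens(address _tokenA, address _tokenB, address _tokenC)
        public
        pure
        returns (bool)
    {
        // Original: A and B must be non-zero and distinct from each other.
        require(
            _tokenA != address(0) && _tokenB != address(0) && _tokenA != _tokenB,
            "Illegal token"
        );
        // Added: C must be non-zero too.
        require(_tokenC != address(0), "Illegal token");
        // Added: C must be distinct from both A and B, so the pool never
        // ends up with a duplicate coin after sortTokens().
        require(_tokenC != _tokenA && _tokenC != _tokenB, "Illegal token");
        return true;
    }
}

// Hypothetical self-test contract: each function returns true when the
// validator behaves as intended for that constructed input. The token
// addresses are placeholders, not real deployments.
contract ThreePoolInputCheckTest {
    ThreePoolInputCheck private immutable checker = new ThreePoolInputCheck();

    // Three distinct non-zero tokens: must pass.
    function distinctTokensAccepted() external view returns (bool) {
        return checker.validateTokens(address(1), address(2), address(3));
    }

    // Zero address in the C slot: must revert (the original check let this through).
    function zeroTokenCRejected() external view returns (bool) {
        try checker.validateTokens(address(1), address(2), address(0)) {
            return false;
        } catch {
            return true;
        }
    }

    // C equal to A: must revert (the original check let this through).
    function duplicateTokenCRejected() external view returns (bool) {
        try checker.validateTokens(address(1), address(2), address(1)) {
            return false;
        } catch {
            return true;
        }
    }
}
```

Folding the three requires into a single expression is equivalent; they are kept separate here so that each of the two added conditions is visible next to the original one. The self-test contract uses `try`/`catch` on the external call, so the expected reverts are observed rather than propagated.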