openPositionFarm() doesn't check to make sure the pool gotten via the getPool() function is a valid and existing pool
Summary
openPositionFarm() in AuraSpell.sol doesn't check to make sure the pool gotten via the getPool() function is a valid and existing pool
Vulnerability Detail
checking the IWAuraPools.sol interface i see getPool() returns address and uint256.
openPositionFarm() function in AuraSpell.sol uses IWAuraPools.getPool() to get pools but doesn't check the returned parameters to confirm if the pool returned is a valid and existing pool.
Impact
An invalid and non-existing pool can be used by AuraSpell.sol's openPositionFarm() function
PRAISE
medium
openPositionFarm() doesn't check to make sure the pool gotten via the getPool() function is a valid and existing pool
Summary
openPositionFarm() in AuraSpell.sol doesn't check to make sure the pool gotten via the getPool() function is a valid and existing pool
Vulnerability Detail
checking the IWAuraPools.sol interface i see
getPool()returns address and uint256.openPositionFarm() functionin AuraSpell.sol usesIWAuraPools.getPool()to get pools but doesn't check the returned parameters to confirm if the pool returned is a valid and existing pool.Impact
An invalid and non-existing pool can be used by AuraSpell.sol's openPositionFarm() function
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/spell/AuraSpell.sol#L71
Tool used
Manual Review
Recommendation
check the returned parameters of getPool() function to ensure what is returned is an existing pool