XO-_addToken function vulnerability allows attacker to add invalid tokens to pool
Summary
The vulnerability is in _addToken function so the The _isTokenTypeValid function is a pure virtual function, which means that it must be implemented by the child contract, there is no guarantee that the child contract will implement this function. If the child contract does not implement this function, then the _addToken function will revert with an error
There is a vulnerability in the_addToken function. This function is responsible for adding a token to the pool, the real problem is in the line that checks if the token type is valid. The _isTokenTypeValid function is a pure virtual function, which means that it must be implemented by the child contractr, there is no guarantee that the child contract will implement this function. If the child contract does not implement this function, then the _addToken function will revert with an error,and the proble in the line that calls the _isTokenTypeValid function, that line will revert if the child contract does not implement the _isTokenTypeValid function, means that an attacker could create a child contract that does not implement this function and then call the _addToken function with a token that has an invalid token type. This would allow the attacker to add the token to the pool, even though the token is not valid
Impact
the vulnerability allow an attacker to add the token to the pool, even though the token is not valid.
the _addToken function should check if the child contract has implemented the _isTokenTypeValid function. If the child contract has not implemented this function, then the _addToken function should revert with an error.
XDZIBEC
high
XO-_addToken function vulnerability allows attacker to add invalid tokens to pool
Summary
The vulnerability is in
_addToken
function so the The_isTokenTypeValid
function is a pure virtual function, which means that it must be implemented by the child contract, there is no guarantee that the child contract will implement this function. If the child contract does not implement this function, then the_addToken
function will revert with an errorVulnerability Detail
_addToken
function. This function is responsible for adding a token to thepool
, the real problem is in the line that checks if the token type is valid. The_isTokenTypeValid
function is a purevirtual
function, which means that it must be implemented by the child contractr, there is no guarantee that the child contract will implement this function. If the child contract does not implement this function, then the_addToken
function willrevert
with anerror
,and the proble in the line that calls the_isTokenTypeValid
function, that line will revert if the child contract does not implement the_isTokenTypeValid
function, means that an attacker could create a child contract that does not implement this function and then call the_addToken
function with a token that has an invalid token type. This would allow the attacker to add the token to the pool, even though the token is not validImpact
Code Snippet
Tool used
Manual Review
Recommendation
_addToken
function should check if the child contract has implemented the_isTokenTypeValid
function. If the child contract has not implemented this function, then the_addToken
function should revert with an error.