Malicious First depositor can DOSed the add liquidity function in coinswap module #24
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-13
edited-by-warden
grade-b
Q-06
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_02_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-05-canto/blob/main/canto-main/x/coinswap/keeper/keeper.go#L119-L250
Vulnerability details
Detailed description
The add liquidity function in keeper.go under coinswap module implements the deposit of tokens in exchange of liquidity shares. However, the function is vulnerable to donation attack wherein the succeeding depositors won't be successfully add liquidity because the standard reserve pool has been manipulated.
Let's look at line 173 below, this can be manipulated and cause error of MaxStandardCoinPerPool in line 193. This can be problematic because it exceeded the limitation but in reality, there is no equivalent of actual proper deposit of liquidity. It is just simply manipulated by direct transfer or deposit from malicious actor to the reserve pool.
Impact
Future deposits in a manipulated pool won't be possible. This will disrupt the deposit operation of the pool in which the users can't deposit no more because of manipulated restriction in each pool made by the attacker.
This can be problematic because the attacker can do this repeatedly in other pools and disrupt the whole protocol.
Proof of Concept
Consider this scenario:
Please be reminded that this can be done in other pools and the impact can be devastating and eventually the protocol lost users.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement a mechanism in which the first depositor will be prevented to manipulate the reserves.
Assessed type
Other
The text was updated successfully, but these errors were encountered: