Platform: Code4rena
Start Date: 20/06/2023
Pot Size: $36,500 USDC
Total HM: 2
Participants: 23
Period: 3 days
Judge: 0xean
Id: 252
League: ETH
Rank: 6/23
Findings: 1
Award: $3,388.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
3388.2784 USDC - $3,388.28
In the documentation, it is stated that:
For risk management purposes, a swap will fail if the input coin amount exceeds a pre-defined limit (10 USDC, 10 USDT, 0.01 ETH) or if the swap amount limit is not defined.
However, in the code it is defined as:
sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 17))
This is incorrect since ETH has 18 decimals, so the NewCoin with 17 decimals will be 0.1 ETH and not 0.01 ETH.
Since the maximum actual ETH input is 10x the stated limit and, at current prices, 18x the USDC/USDT limit, it is clear that the risk management intended by the protocol through input limits is ineffective.
https://github.com/code-423n4/2023-06-canto/blob/a4ff2fd2e67e77e36528fad99f9d88149a5e8532/README.md
Manual Review
Change the NewCoin Denom to 16 decimals.
sdk.NewCoin(EthIBCDenom, sdk.NewIntWithDecimal(1, 16))
Decimal
#0 - c4-pre-sort
2023-06-24T12:14:34Z
JeffCX marked the issue as duplicate of #8
#1 - c4-judge
2023-07-03T20:49:25Z
0xean marked the issue as satisfactory
#2 - c4-judge
2023-07-03T20:50:21Z
0xean changed the severity to 3 (High Risk)