Platform: Code4rena
Start Date: 20/06/2023
Pot Size: $36,500 USDC
Total HM: 2
Participants: 23
Period: 3 days
Judge: 0xean
Id: 252
League: ETH
Rank: 11/23
Findings: 1
Award: $1,016.48
🌟 Selected for report: 0
🚀 Solo Findings: 0
1016.4835 USDC - $1,016.48
If the first transfer succeeds but the second transfer fails, the coins will have been deducted from the sender's account but not added to the recipient's account, resulting in a loss of funds.
The swapCoins function consists of two separate SendCoins operations: one from the sender to the reserve pool and another from the reserve pool to the recipient. If any error occurs during the second SendCoins operation, the state of the reserve pool would have already been modified by the first SendCoins operation, resulting in an inconsistent state. The swapCoins function does not implement any transactional mechanism to ensure that both SendCoins operations occur as a single atomic operation. If a failure or error occurs after the first SendCoins operation, there is no rollback mechanism to revert the state changes.
Manual
Use a transactional approach that ensures both transfers are executed atomically. This can be achieved by wrapping the two transfers in a single transaction so that they either both succeed or both fail. If an error occurs during the execution, the transaction can be rolled back to maintain a consistent state. https://github.com/seerether/Canto/blob/b9f9741815caab0ae81875f7bd693ea0b4c924eb/cantoreccommend#L9-L29
Token-Transfer
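An added illustration of the failure mode this report describes and of the recommended all-or-nothing fix (not code from the report or from Canto): a constructed in-memory ledger in which the pool cannot fund the second transfer. The `Ledger` type, the account names, the denoms and the amounts are assumptions made for the example; copying the balance map stands in for a real state-caching mechanism.

```go
package main

import "fmt"

// Ledger is a constructed in-memory balance table keyed by "address/denom".
type Ledger map[string]int64

func (l Ledger) SendCoins(from, to, denom string, amt int64) error {
	if amt <= 0 || l[from+"/"+denom] < amt {
		return fmt.Errorf("insufficient %s in %s", denom, from)
	}
	l[from+"/"+denom] -= amt
	l[to+"/"+denom] += amt
	return nil
}

// swapNonAtomic is the reported pattern: two independent sends on live state.
func swapNonAtomic(l Ledger, sender, recipient string, in, out int64) error {
	if err := l.SendCoins(sender, "pool", "tokenIn", in); err != nil {
		return err
	}
	return l.SendCoins("pool", recipient, "tokenOut", out) // on error, first send stays applied
}

// swapAtomic runs both sends on a copy and commits only if both succeed.
func swapAtomic(l Ledger, sender, recipient string, in, out int64) error {
	tmp := make(Ledger, len(l))
	for k, v := range l {
		tmp[k] = v
	}
	if err := swapNonAtomic(tmp, sender, recipient, in, out); err != nil {
		return err // live ledger untouched
	}
	for k, v := range tmp {
		l[k] = v
	}
	return nil
}

// senderAfterFailedSwap returns the sender's balance after the second leg fails.
func senderAfterFailedSwap(swap func(Ledger, string, string, int64, int64) error) (int64, error) {
	l := Ledger{"alice/tokenIn": 100, "pool/tokenOut": 1} // pool cannot pay out 5
	err := swap(l, "alice", "bob", 40, 5)
	return l["alice/tokenIn"], err
}

func main() {
	fmt.Println(senderAfterFailedSwap(swapNonAtomic)) // sender debited despite the error
	fmt.Println(senderAfterFailedSwap(swapAtomic))    // sender balance unchanged
}
```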
#0 - c4-pre-sort
2023-06-24T13:28:03Z
JeffCX marked the issue as primary issue
#1 - c4-pre-sort
2023-06-24T14:09:04Z
JeffCX marked the issue as low quality report
#2 - c4-pre-sort
2023-06-24T14:09:28Z
JeffCX marked the issue as duplicate of #80
#3 - c4-judge
2023-07-03T20:53:00Z
0xean marked the issue as satisfactory
#4 - c4-judge
2023-07-03T20:53:25Z
0xean changed the severity to 2 (Med Risk)