Different position input of token0 and token1 , will result in different pool Id #497
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
grade-b
primary issue
Highest quality submission among a set of duplicates
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/libraries/PanopticMath.sol#L48-L59
Vulnerability details
Impact
if change positions of token0 and token1 when calling
getFinalPoolId
, according the keccak256 function , will result same token pair to different pool idProof of Concept
if we change token0 -> token1 and token1 -> token0, the pood id will be different .
Tools Used
Vscode
Recommended Mitigation Steps
use token address sort method
Assessed type
Library
The text was updated successfully, but these errors were encountered: