Price manipulation in coinswap::pool
#26
Labels: bug (Something isn't working); downgraded by judge (Judge downgraded the risk level of this issue); duplicate-13; grade-b; Q-05 (QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax); 🤖_02_group (AI based duplicate group recommendation); sufficient quality report (This report is of sufficient quality)
Lines of code
https://github.com/code-423n4/2024-05-canto/blob/d1d51b2293d4689f467b8b1c82bba84f8f7ea008/canto-main/x/coinswap/keeper/keeper.go#L253-L320
Vulnerability details
Description
In the protocol, the addLiquidity function includes a guard to prevent price manipulation. However, the removeLiquidity function lacks this protection. It only restricts the amount of tokenWithdrawCoin without considering the remaining liquidity in the pool. An attacker can exploit this by adding liquidity and then removing most of it, leaving a small amount of liquidity in the pool, and donating tokens to the pool to manipulate the price of the token pair.
Impact
Price manipulation
Recommended Mitigation
The remaining liquidity in the pool should be checked when removing liquidity.
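As an added illustration (not the Canto x/coinswap code and not part of this report), a simplified constant-product pool model whose RemoveLiquidity applies the recommended check, a floor on the liquidity that may remain after a withdrawal, plus a helper that quantifies how far a token donation moves the spot price of whatever pool is left. The Pool type, the minRemaining floor parameter and all amounts are assumptions.

```go
package main

import (
	"errors"
	"math/big"
)

// Pool is a hypothetical constant-product pool model (not the x/coinswap
// keeper): standard-coin reserve, token reserve and outstanding LP shares.
type Pool struct {
	Standard, Token, Liquidity *big.Int
}

func NewPool(std, tok, lp int64) *Pool {
	return &Pool{big.NewInt(std), big.NewInt(tok), big.NewInt(lp)}
}

var ErrBelowFloor = errors.New("remaining liquidity below floor")

// RemoveLiquidity burns lp shares and pays out pro-rata reserves. minRemaining
// is the assumed floor the report recommends: the pool may be emptied entirely,
// but a non-empty remainder must stay at or above the floor.
func (p *Pool) RemoveLiquidity(lp, minRemaining *big.Int) (std, tok *big.Int, err error) {
	if lp.Sign() <= 0 || lp.Cmp(p.Liquidity) > 0 {
		return nil, nil, errors.New("invalid liquidity amount")
	}
	remaining := new(big.Int).Sub(p.Liquidity, lp)
	// The missing guard: a tiny residual pool can be repriced by a cheap donation.
	if remaining.Sign() > 0 && remaining.Cmp(minRemaining) < 0 {
		return nil, nil, ErrBelowFloor
	}
	std = new(big.Int).Div(new(big.Int).Mul(p.Standard, lp), p.Liquidity)
	tok = new(big.Int).Div(new(big.Int).Mul(p.Token, lp), p.Liquidity)
	p.Standard.Sub(p.Standard, std)
	p.Token.Sub(p.Token, tok)
	p.Liquidity.Set(remaining)
	return std, tok, nil
}

// DonationPriceRatio returns (spot price after donating donatedStd standard coin
// to the pool) / (spot price before), where price = Standard/Token. The ratio
// grows as the remaining standard reserve shrinks, which is why the floor matters.
func (p *Pool) DonationPriceRatio(donatedStd *big.Int) *big.Rat {
	after := new(big.Int).Add(p.Standard, donatedStd)
	return new(big.Rat).SetFrac(after, p.Standard)
}
```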
Assessed type
Other