Assessment reports>Circuit DAO>Critical findings>Improper condition filters in savings vault
Category: Business Logic

Improper condition filters in savings vault

Critical Severity
Critical Impact
High Likelihood

Description

The conditions returned by the inner puzzle of the savings-vault puzzle are filtered using the filter-conditions function. This function allows more than one CREATE_COIN condition to be passed. If two coins are created from this savings vault with the same puzzle mod but one contains different curried arguments, the lineage could still be proved.

Impact

New fake coins with nonzero value of DISCOUNTED_DEPOSIT could be used to steal from the treasury coin while still maintaining the correct lineage.

Recommendations

We recommend only allowing one CREATE_COIN condition to be returned from the inner puzzle of the savings vault.

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 30165496.

Zellic © 2025Back to top ↑