Category: Business Logic
Improper condition filters in savings vault
Critical Severity
Critical Impact
High Likelihood
Description
The conditions returned by the inner puzzle of the savings-vault puzzle are filtered using the filter-conditions
function. This function allows more than one CREATE_COIN
condition to be passed. If two coins are created from this savings vault with the same puzzle mod but one contains different curried arguments, the lineage could still be proved.
Impact
New fake coins with nonzero value of DISCOUNTED_DEPOSIT
could be used to steal from the treasury coin while still maintaining the correct lineage.
Recommendations
We recommend only allowing one CREATE_COIN
condition to be returned from the inner puzzle of the savings vault.
Remediation
This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 30165496↗.