Treasury withdrawals can create unauthorized treasury coins
Description
The treasury coins support any number of user-provided CREATE_COIN
conditions, simply prepending one of its own recreate itself. Although it prevents users from splitting the treasury coin with the exact same puzzle hash, users may still create new, different treasury coins.
This is an issue because treasury-coin validity is lineage based. Specifically, there are states like LAUNCHER_ID
and RING_PREV_LAUNCHER_ID
that enforce important protocol invariants, such as in puzzles that require knowledge of the entire treasury's balance.
Impact
Users can create small pockets of treasury coins that look like the entire thing. This could result in auctions being started despite the real treasury balance being too high.
Recommendations
We recommend implementing stronger condition filtering on the coin.
Remediation
This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit d98ddd52↗.