Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Laminar Markets>High findings>Duplicate call in coin register
GeneralOverview
Findings
High (4)Incorrect implementation of iteratorDuplicate call in coin registerPotential frontrunningIncorrect order size
Medium (1)
DiscussionGas optimizationsGeneral coding issuesExample unit testTest cases balance checkingUnbounded mint and burnSplay tree invariantsDecimals
VerificationFormal Verification
Audit ResultsSummary
Category: Coding Mistakes

Duplicate call in coin register

High Severity
High Impact
High Likelihood

Description

The following function register_staking_account calls coin::register twice via the following snippet:

if (!coin::is_account_registered<Lame>(addr)) {
    coin::register<Lame>(account);
    coin::register<Lame>(account);
};

Impact

Users will not be able to register a staking account as the second coin::register fails due to the following assert statement in the coin::register function:

assert!(
        !is_account_registered<CoinType>(account_addr),
        error::already_exists(ECOIN_STORE_ALREADY_PUBLISHED),
);

Recommendations

We recommend removing one of the coin::register calls.

Remediation

Laminar acknowledged this finding and implemented a fix in commit 691c.

Zellic © 2024Back to top ↑