Assessment reports>Liquidswap>Low findings>lp_account::retrieve_signer_cap, should be a friend to ,liquidity_pool
Category: Coding Mistakes

lp_account::retrieve_signer_cap should be a friend to liquidity_pool

Low Severity
Low Impact
Low Likelihood


The function lp_account::retrieve_signer_cap can currently be called by any module. If lp_account::retrieve_signer_cap is called by a function other than liquidity_pool::initialize, then the initialization process of Liquidswap will be unable to move forward.


The initialization of Liquidswap can be griefed. This will make liquidswap inaccessible to any users.


The function lp_account::retrieve_signer_cap needs to be marked as pub(friend), and the module liquidswap::liquidity_pool needs to be added as a friend to liquidswap::lp_account.


This issue has been acknowledged by Pontem Network.

Zellic © 2023Back to top ↑