Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Liquidswap>Low findings>lp_account::retrieve_signer_cap, should be a friend to ,liquidity_pool
GeneralOverview
Findings
Low (4)Computation inaccuracyImplicit precision lossIncorrect rouding behaviorFunction should be a friend
DiscussionMissing test coverageTests failOutdated commentsUnused struct memberFlashloan implementationLiquidswap
Verification`Formal verification`
Audit ResultsAudit Results
Category: Coding Mistakes

lp_account::retrieve_signer_cap should be a friend to liquidity_pool

Low Severity
Low Impact
Low Likelihood

Description

The function lp_account::retrieve_signer_cap can currently be called by any module. If lp_account::retrieve_signer_cap is called by a function other than liquidity_pool::initialize, then the initialization process of Liquidswap will be unable to move forward.

Impact

The initialization of Liquidswap can be griefed. This will make liquidswap inaccessible to any users.

Recommendations

The function lp_account::retrieve_signer_cap needs to be marked as pub(friend), and the module liquidswap::liquidity_pool needs to be added as a friend to liquidswap::lp_account.

Remediation

This issue has been acknowledged by Pontem Network.

Zellic © 2024Back to top ↑