Assessment reports>Rujira>Informational findings>Revenue contract allows adding duplicate target denom
Category: Coding Mistakes

Revenue contract allows adding duplicate target denom

Informational Severity
Informational Impact
N/A Likelihood

Description

The SudoMsg handler in the rujira-revenue contract does not check if a denom already exists in the target_denoms list before adding it.

pub fn sudo(deps: DepsMut, _env: Env, msg: SudoMsg) -> Result<Response, ContractError> {
    let mut config = Config::load(deps.storage)?;
    match msg {
[...]
        SudoMsg::AddTargetDenom(denom) => {
            config.target_denoms.push(denom);
            config.save(deps.storage)?;
            Ok(Response::default())
        }

This could result in a denom being accidentally added more than once.

Impact

The target_denoms list is used to distribute funds stored in the contract for each denom. A denom being duplicated in the list would result in duplicated BankMsg::Send messages being pushed. The transaction would always fail due to insufficient funds being present.

for target in config.target_denoms.clone() {
    distribute_denom(deps, &env, &config, &mut sends, target)?;
}

Recommendations

Check if denom already exists before it's added.

Remediation

Ruji Holdings remediated this issue in commit 145f77f3 by searching the target_denoms vector to check if the denom is already present.

Zellic © 2025Back to top ↑