Category: Coding Mistakes
Revenue contract allows adding duplicate target denom
Informational Severity
Informational Impact
N/A Likelihood
Description
The SudoMsg
handler in the rujira-revenue
contract does not check if a denom already exists in the target_denoms
list before adding it.
pub fn sudo(deps: DepsMut, _env: Env, msg: SudoMsg) -> Result<Response, ContractError> {
let mut config = Config::load(deps.storage)?;
match msg {
[...]
SudoMsg::AddTargetDenom(denom) => {
config.target_denoms.push(denom);
config.save(deps.storage)?;
Ok(Response::default())
}
This could result in a denom being accidentally added more than once.
Impact
The target_denoms
list is used to distribute funds stored in the contract for each denom. A denom being duplicated in the list would result in duplicated BankMsg::Send
messages being pushed. The transaction would always fail due to insufficient funds being present.
for target in config.target_denoms.clone() {
distribute_denom(deps, &env, &config, &mut sends, target)?;
}
Recommendations
Check if denom already exists before it's added.
Remediation
Ruji Holdings remediated this issue in commit 145f77f3↗ by searching the target_denoms
vector to check if the denom is already present.