Lines of code
<https://github.com/cosmos/cosmos-sdk/blob/main/x/authz/keeper/keeper.go#L67&gt;

Vulnerability details

Impact

A panic might occur when calling CreatePool and stop the app

#Proof of Concept
here we can see CreatePool is creating new struct pool which call k,GetStandardDenom as value for StandardDenom key. now lets check GetStandardDenom body:

func (k Keeper) GetStandardDenom(ctx sdk.Context) string {
	store := ctx.KVStore(k.storeKey)
	bz := store.Get(types.KeyStandardDenom)
	
	var denomWrap = gogotypes.StringValue{}
	k.cdc.MustUnmarshal(bz, &denomWrap)
	return denomWrap.Value
}

bz value is not checked as if it equal nil or not before calling MustUnmarshal and that will result panic in the program. few examples from cosmos sdk itself about the correct practice to avoid the panic issue:
<https://github.com/cosmos/cosmos-sdk/blob/main/x/authz/keeper/keeper.go#L67&gt;

bz, err := store.Get(skey)
	if err != nil {
		panic(err)
	}

	if bz == nil {
		return grant, false
	}
	k.cdc.MustUnmarshal(bz, &grant)
	return grant, true

as you see below there a check for bz if equal nil so it doesn’t panic on MustUnmarshal. because it is possibe that KVStore would return nil for a storeKey.

Tools Used

Manual Review

Recommended Mitigation Steps

return err if bz == nil and check k.GetStandardDenom(ctx) if it has error before creating pool := &types.Pool struct at <https://github.com/code-423n4/2023-06-canto/blob/main/Canto/x/coinswap/keeper/pool.go#L18&gt;

	if bz == nil {
		return err //or empty string
	}

Assessed type

Other

---

The text was updated successfully, but these errors were encountered:

All reactions