First Flight #18: T-Swap

Submission Details
Severity: medium
Invalid

Tswap PoolFactory Not Tracking Created Pools

Summary

The PoolFactory contract is designed to create and manage liquidity pools within a decentralized finance ecosystem. However, it currently lacks functionality to track the pools it has created. This missing feature can lead to significant operational and security issues within the ecosystem.

Vulnerability Details

The PoolFactory contract should maintain a record of all liquidity pools it creates to ensure proper management and security monitoring. Without tracking, the contract cannot provide a comprehensive view of the pools, making it challenging to:

  1. Audit the number and status of pools.

  2. Retrieve and manage pools efficiently.

  3. Implement security measures, such as detecting and responding to anomalies across pools.

This lack of tracking also hinders transparency for users who rely on the factory to access information about existing liquidity pools.

Impact

  1. Operational Inefficiency: Administrators and users cannot efficiently manage or interact with liquidity pools without a comprehensive registry.

  2. Security Risks: Potential security vulnerabilities may go unnoticed without the ability to monitor all pools created by the factory contract.

Proof of Concept (PoC):

  1. Deploy the PoolFactory contract.

  2. Use the PoolFactory contract to create multiple liquidity pools.

  3. Attempt to retrieve a list of all created pools from the PoolFactory contract.

  4. Observe that there is no built-in functionality to track or retrieve the list of created pools.

Tools Used

Manual Review

Recommendations

  1. Implement Pool Tracking: Modify the PoolFactory contract to include functionality for tracking created pools. This can be achieved by maintaining an array or mapping of pool addresses within the contract.

  2. Add Pool Creation Event: Emit an event whenever a new pool is created. This allows external systems and users to listen for pool creation events and maintain their own records if needed.

  3. Provide Management Functions: Implement functions to retrieve the list of all pools, count of pools, and other relevant details to enhance manageability and transparency.
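The three recommendations above, sketched as an added example (not code from the T-Swap repository or from the submitter). `TrackedPoolFactory`, `MinimalPool` and every function, event and storage name in it are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for a pool; a real factory would deploy its own pool contract.
contract MinimalPool {
    address public immutable token;
    constructor(address _token) { token = _token; }
}

// Hypothetical factory illustrating tracking, an event, and read functions.
contract TrackedPoolFactory {
    error ZeroAddress();
    error PoolAlreadyExists(address token);

    // Recommendation 2: off-chain indexers can rebuild the registry from this event.
    event PoolCreated(address indexed token, address indexed pool, uint256 index);

    // Recommendation 1: on-chain registry.
    address[] private s_allPools;                             // creation order, for enumeration
    mapping(address token => address pool) private s_poolOf;  // lookup by token
    mapping(address pool => bool) private s_isPool;           // provenance check for integrators

    function createPool(address token) external returns (address pool) {
        if (token == address(0)) revert ZeroAddress();
        if (s_poolOf[token] != address(0)) revert PoolAlreadyExists(token);
        pool = address(new MinimalPool(token));
        s_poolOf[token] = pool;
        s_isPool[pool] = true;
        s_allPools.push(pool);
        emit PoolCreated(token, pool, s_allPools.length - 1);
    }

    // Recommendation 3: read functions.
    function poolCount() external view returns (uint256) { return s_allPools.length; }
    function getPool(address token) external view returns (address) { return s_poolOf[token]; }
    function isFactoryPool(address pool) external view returns (bool) { return s_isPool[pool]; }

    // Paginated read: returning the whole array in one call stops scaling as pools accumulate.
    function getPools(uint256 start, uint256 limit) external view returns (address[] memory page) {
        uint256 total = s_allPools.length;
        if (start >= total) return new address[](0);
        // Written this way so a very large `limit` cannot overflow `start + limit`.
        uint256 end = limit > total - start ? total : start + limit;
        page = new address[](end - start);
        for (uint256 i = start; i < end; ++i) page[i - start] = s_allPools[i];
    }
}
```

The `s_isPool` mapping is the piece that matters most for monitoring: it lets another contract or an off-chain watcher confirm that an address claiming to be a pool was actually deployed by this factory.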

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
