Unexpected Matching Inputs
validatePool in WEDXswap does not verify that tokenIn and tokenOut differ, allowing same-token pool lookups that proceed past validation with unpredictable results.
Description
The validatePool function in the WEDXswap contract does not verify that the input tokens (tokenIn and tokenOut) are different. This can lead to unintended behavior.
In the WEDXswap contract, the validatePool function allows the same token to be used for both tokenIn and tokenOut. This lack of validation can result in the function processing these identical inputs incorrectly, leading to unexpected and potentially erroneous behavior.
Impact
This vulnerability can lead to unnecessary transactions and potential confusion. While it does not pose a direct security risk, it may result in wasted resources and inefficiencies within the contract's operation.
The validatePool function can be called with the same token for both tokenIn and tokenOut. Without proper validation, the function processes the request incorrectly, which can disrupt the intended logic and flow of the contract.
function testValidatePoolWithSameTokens() public {// Expect revert with message "Tokens must be different"vm.expectRevert("Tokens must be different");swapContract.validatePool(address(tokenA), address(tokenA));}
Recommendation
Implement a validation check in the validatePool function to ensure that tokenIn and tokenOut are not the same.
function validatePool(address tokenIn, address tokenOut) public view returns (exInfo memory) {require(tokenIn != tokenOut, "Tokens must be different");// Additional function logic...}
