Swap Validation Remediation
How to fix missing validation in token swap operations.
Overview
Related Detector: Swap Validation
Missing swap validation allows token theft and unauthorized operations: without checks, a caller can pass the wrong token accounts, act on accounts it does not own, or have a stale transaction executed at an unfavourable price. The fix is to validate token mints, amounts, ownership, authority, and deadline before executing any swap, and to enforce the caller's minimum output (slippage limit) before transferring.
Recommended Fix
Before (Vulnerable)
// No checks on amount, deadline, mints, ownership or slippage: the output is
// computed and transferred straight away.
let output = calculate_output(pool, amount)?;
token::transfer(ctx, output)?;
After (Fixed)
// Reject empty swaps.
require!(amount > 0, ZeroAmount);
// Reject transactions whose caller-supplied deadline has already passed.
require!(clock.unix_timestamp <= deadline, Expired);
// The source account must hold the pool's input token.
require!(source_mint == pool.token_a_mint, InvalidMint);
// The signer must own the source account it is spending from.
require!(source.owner == authority.key(), InvalidOwner);
let output = calculate_output(pool, amount)?;
// Enforce the caller's minimum acceptable output before any transfer.
require!(output >= min_out, SlippageExceeded);
token::transfer(ctx, output)?;
Alternative Mitigations
Anchor Constraint Validation
Use Anchor constraints to enforce validation declaratively:
#[derive(Accounts)]
pub struct Swap<'info> {
    #[account(
        mut,
        constraint = source.mint == pool.token_a_mint @ InvalidMint,
        constraint = source.owner == authority.key() @ InvalidOwner,
    )]
    pub source: Account<'info, TokenAccount>,
    pub authority: Signer<'info>,
    #[account(mut)]
    pub pool: Account<'info, Pool>,
    // The destination token account needs the same treatment: constrain its
    // mint to pool.token_b_mint and its owner to authority.key().
}
Common Mistakes
Mistake: Validating Only One Token
// WRONG: validates the input mint but not the output mint
require!(source_mint == pool.token_a_mint, InvalidMint);
// A caller can pass a destination token account of the wrong mint
Validate both the input and the output token mints, and apply the same ownership check to the destination account as to the source.
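As an added example (not the detector's or any project's own code), the following dependency-free Rust model carries the full pre-swap check list from the Recommended Fix through to the point the Common Mistakes section makes: both mints and both owners are validated, and nothing is transferred until every check and the slippage limit pass. The types `Pool`, `TokenAccount`, `SwapRequest`, the error enum, and the constant-product `calculate_output` are hypothetical stand-ins for the Anchor accounts and program logic; the pool and keys are constructed test data.

```rust
// Added example, not the page's or any project's code. `Pool`, `TokenAccount`,
// `SwapRequest`, `SwapError`, `validate_swap` and `calculate_output` are
// hypothetical stand-ins for Anchor accounts and the program's quote logic.
use std::convert::TryFrom;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Pubkey(pub [u8; 32]);

impl Pubkey {
    /// Constructed test key: every byte set to `seed`.
    pub fn from_seed(seed: u8) -> Self {
        Pubkey([seed; 32])
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SwapError {
    ZeroAmount,
    Expired,
    InvalidMint,
    InvalidOwner,
    SlippageExceeded,
    MathOverflow,
}

pub struct Pool {
    pub token_a_mint: Pubkey,
    pub token_b_mint: Pubkey,
    pub reserve_a: u64,
    pub reserve_b: u64,
}

pub struct TokenAccount {
    pub mint: Pubkey,
    pub owner: Pubkey,
}

pub struct SwapRequest<'a> {
    pub source: &'a TokenAccount,
    pub destination: &'a TokenAccount,
    /// Key of the transaction signer.
    pub authority: Pubkey,
    pub amount: u64,
    pub min_out: u64,
    pub deadline: i64,
}

impl<'a> SwapRequest<'a> {
    pub fn new(source: &'a TokenAccount, destination: &'a TokenAccount, authority: Pubkey,
               amount: u64, min_out: u64, deadline: i64) -> Self {
        SwapRequest { source, destination, authority, amount, min_out, deadline }
    }
}

/// Constant-product quote (x*y=k) with a 0.3% fee, using checked u128 math.
pub fn calculate_output(pool: &Pool, amount_in: u64) -> Result<u64, SwapError> {
    let in_with_fee = (amount_in as u128).checked_mul(997).ok_or(SwapError::MathOverflow)?;
    let numerator = in_with_fee
        .checked_mul(pool.reserve_b as u128)
        .ok_or(SwapError::MathOverflow)?;
    let denominator = (pool.reserve_a as u128)
        .checked_mul(1000)
        .and_then(|d| d.checked_add(in_with_fee))
        .ok_or(SwapError::MathOverflow)?;
    u64::try_from(numerator / denominator).map_err(|_| SwapError::MathOverflow)
}

/// Runs every check before any transfer; on success returns the validated
/// output amount for the caller to transfer.
pub fn validate_swap(pool: &Pool, req: &SwapRequest, now: i64) -> Result<u64, SwapError> {
    if req.amount == 0 {
        return Err(SwapError::ZeroAmount);
    }
    if now > req.deadline {
        return Err(SwapError::Expired);
    }
    // Both mints: source must hold token A, destination must hold token B.
    if req.source.mint != pool.token_a_mint || req.destination.mint != pool.token_b_mint {
        return Err(SwapError::InvalidMint);
    }
    // The signer must own both accounts it is spending from and receiving into.
    if req.source.owner != req.authority || req.destination.owner != req.authority {
        return Err(SwapError::InvalidOwner);
    }
    let output = calculate_output(pool, req.amount)?;
    if output < req.min_out {
        return Err(SwapError::SlippageExceeded);
    }
    Ok(output)
}

/// Constructed fixture: a 1:1 pool of one million units on each side.
pub fn sample_pool() -> Pool {
    Pool {
        token_a_mint: Pubkey::from_seed(1),
        token_b_mint: Pubkey::from_seed(2),
        reserve_a: 1_000_000,
        reserve_b: 1_000_000,
    }
}

fn main() {
    let pool = sample_pool();
    let user = Pubkey::from_seed(9);
    let src = TokenAccount { mint: pool.token_a_mint, owner: user };
    let dst = TokenAccount { mint: pool.token_b_mint, owner: user };
    let req = SwapRequest::new(&src, &dst, user, 1_000, 990, 100);
    println!("{:?}", validate_swap(&pool, &req, 50)); // Ok(996)
}
```

The check order matters for the error a caller sees but not for safety: what matters is that every check, including the destination mint and owner, runs before `calculate_output`'s result is handed to a transfer.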