jubnzv/balanced.diff Secret

## balanced.diff
diff --git a/balanced/sources/asset_manager.move b/balanced/sources/asset_manager.move
index f11c4e8..bd55c0d 100644
--- a/balanced/sources/asset_manager.move
+++ b/balanced/sources/asset_manager.move
@@ -107,7 +107,7 @@ module balanced::asset_manager{
         });
     }

-    public(package) fun get_idcap(config: &Config): &IDCap {
+    public fun get_idcap(config: &Config): &IDCap {
         enforce_version(config);
         &config.id_cap
     }

## expected_findings.json
[
    {
        "project": "naviprotocol__navi-smart-contracts",
        "warning": "sensitive-internal-public-exposure",
        "file": "lending_core/sources/storage.move",
        "line": 529,
        "description": "STG-03 critical finding",
        "url": "https://github.com/naviprotocol/navi-smart-contracts",
        "commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
        "diff": "navi.diff",
    },
    {
        "project": "naviprotocol__navi-smart-contracts",
        "warning": "arbitrary-recipient-drain",
        "file": "lending_core/sources/pool.move",
        "line": 129,
        "description": "POOL-01 critical finding",
        "url": "https://github.com/naviprotocol/navi-smart-contracts",
        "commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
        "diff": "navi.diff",
    },
    {
        "project": "naviprotocol__navi-smart-contracts",
        "warning": "generic-type-mismatch",
        "file": "lending_core/sources/validation.move",
        "line": 35,
        "description": "OS-NVI-ADV-00 critical finding",
        "url": "https://github.com/naviprotocol/navi-smart-contracts",
        "commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
        "diff": "navi.diff",
    },
    {
        "project": "balancednetwork__balanced-move-contracts",
        "warning": "capability-leakage",
        "file": "balanced/sources/asset_manager.move",
        "line": 110,
        "description": "AMA-01 critical finding",
        "url": "https://github.com/balancednetwork/balanced-move-contracts",
        "commit": "179dc38908584091d16483b040366601c2e970eb",
        "diff": "balanced.diff",
    }
]

## navi.diff
diff --git a/lending_core/sources/pool.move b/lending_core/sources/pool.move
index c640853..f31fd65 100644
--- a/lending_core/sources/pool.move
+++ b/lending_core/sources/pool.move
@@ -126,7 +126,7 @@ module lending_core::pool {

     // unused
     // warning: this function doesn't track pool balance for fund manager
-    public(friend) fun withdraw<CoinType>(pool: &mut Pool<CoinType>, amount: u64, recipient: address, ctx: &mut TxContext) {
+    public fun withdraw<CoinType>(pool: &mut Pool<CoinType>, amount: u64, recipient: address, ctx: &mut TxContext) {
         let withdraw_balance = balance::split(&mut pool.balance, amount);
         let withdraw_coin = coin::from_balance(withdraw_balance, ctx);
         emit(PoolWithdraw {
@@ -424,4 +424,4 @@ module lending_core::pool {
     public fun get_pool_manager<CoinType>(pool: &mut Pool<CoinType>): &mut SuiPoolManager {
         dynamic_field::borrow_mut(&mut pool.id, PoolManagerKey {})
     }
-}
\ No newline at end of file
+}
diff --git a/lending_core/sources/storage.move b/lending_core/sources/storage.move
index e0ac192..f11f702 100644
--- a/lending_core/sources/storage.move
+++ b/lending_core/sources/storage.move
@@ -526,7 +526,7 @@ module lending_core::storage {
         borrow_balance.total_supply = borrow_balance.total_supply + in_borrow;
     }

-    public(friend) fun increase_supply_balance(storage: &mut Storage, asset: u8, user: address, amount: u256) {
+    public fun increase_supply_balance(storage: &mut Storage, asset: u8, user: address, amount: u256) {
         version_verification(storage);

         let reserve = table::borrow_mut(&mut storage.reserves, asset);
@@ -1027,4 +1027,4 @@ module lending_core::storage {
     public fun increase_total_supply_balance_for_testing(storage: &mut Storage, asset: u8, amount: u256) {
         increase_total_supply_balance(storage, asset, amount);
     }
-}
\ No newline at end of file
+}
diff --git a/lending_core/sources/validation.move b/lending_core/sources/validation.move
index 881e735..8c0807b 100644
--- a/lending_core/sources/validation.move
+++ b/lending_core/sources/validation.move
@@ -33,7 +33,7 @@ module lending_core::validation {
     }

     public fun validate_withdraw<CoinType>(storage: &mut Storage, asset: u8, amount: u256) {
-        assert!(type_name::into_string(type_name::get<CoinType>()) == storage::get_coin_type(storage, asset), error::invalid_coin_type());
+        // assert!(type_name::into_string(type_name::get<CoinType>()) == storage::get_coin_type(storage, asset), error::invalid_coin_type());
         assert!(amount != 0, error::invalid_amount());

         let (supply_balance, borrow_balance) = storage::get_total_supply(storage, asset);
@@ -83,4 +83,4 @@ module lending_core::validation {
         assert!(type_name::into_string(type_name::get<CollateralCoinType>()) == storage::get_coin_type(storage, collateral_asset), error::invalid_coin_type());
         assert!(amount != 0, error::invalid_amount())
     }
-}
\ No newline at end of file
+}
	diff --git a/balanced/sources/asset_manager.move b/balanced/sources/asset_manager.move
	index f11c4e8..bd55c0d 100644
	--- a/balanced/sources/asset_manager.move
	+++ b/balanced/sources/asset_manager.move
	@@ -107,7 +107,7 @@ module balanced::asset_manager{
	});
	}

	- public(package) fun get_idcap(config: &Config): &IDCap {
	+ public fun get_idcap(config: &Config): &IDCap {
	enforce_version(config);
	&config.id_cap
	}
	[
	{
	"project": "naviprotocol__navi-smart-contracts",
	"warning": "sensitive-internal-public-exposure",
	"file": "lending_core/sources/storage.move",
	"line": 529,
	"description": "STG-03 critical finding",
	"url": "https://github.com/naviprotocol/navi-smart-contracts",
	"commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
	"diff": "navi.diff",
	},
	{
	"project": "naviprotocol__navi-smart-contracts",
	"warning": "arbitrary-recipient-drain",
	"file": "lending_core/sources/pool.move",
	"line": 129,
	"description": "POOL-01 critical finding",
	"url": "https://github.com/naviprotocol/navi-smart-contracts",
	"commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
	"diff": "navi.diff",
	},
	{
	"project": "naviprotocol__navi-smart-contracts",
	"warning": "generic-type-mismatch",
	"file": "lending_core/sources/validation.move",
	"line": 35,
	"description": "OS-NVI-ADV-00 critical finding",
	"url": "https://github.com/naviprotocol/navi-smart-contracts",
	"commit": "916c63b628bf75ffbdee38c3dd698c7292afe517",
	"diff": "navi.diff",
	},
	{
	"project": "balancednetwork__balanced-move-contracts",
	"warning": "capability-leakage",
	"file": "balanced/sources/asset_manager.move",
	"line": 110,
	"description": "AMA-01 critical finding",
	"url": "https://github.com/balancednetwork/balanced-move-contracts",
	"commit": "179dc38908584091d16483b040366601c2e970eb",
	"diff": "balanced.diff",
	}
	]
	diff --git a/lending_core/sources/pool.move b/lending_core/sources/pool.move
	index c640853..f31fd65 100644
	--- a/lending_core/sources/pool.move
	+++ b/lending_core/sources/pool.move
	@@ -126,7 +126,7 @@ module lending_core::pool {

	// unused
	// warning: this function doesn't track pool balance for fund manager
	- public(friend) fun withdraw<CoinType>(pool: &mut Pool<CoinType>, amount: u64, recipient: address, ctx: &mut TxContext) {
	+ public fun withdraw<CoinType>(pool: &mut Pool<CoinType>, amount: u64, recipient: address, ctx: &mut TxContext) {
	let withdraw_balance = balance::split(&mut pool.balance, amount);
	let withdraw_coin = coin::from_balance(withdraw_balance, ctx);
	emit(PoolWithdraw {
	@@ -424,4 +424,4 @@ module lending_core::pool {
	public fun get_pool_manager<CoinType>(pool: &mut Pool<CoinType>): &mut SuiPoolManager {
	dynamic_field::borrow_mut(&mut pool.id, PoolManagerKey {})
	}
	-}
	\ No newline at end of file
	+}
	diff --git a/lending_core/sources/storage.move b/lending_core/sources/storage.move
	index e0ac192..f11f702 100644
	--- a/lending_core/sources/storage.move
	+++ b/lending_core/sources/storage.move
	@@ -526,7 +526,7 @@ module lending_core::storage {
	borrow_balance.total_supply = borrow_balance.total_supply + in_borrow;
	}

	- public(friend) fun increase_supply_balance(storage: &mut Storage, asset: u8, user: address, amount: u256) {
	+ public fun increase_supply_balance(storage: &mut Storage, asset: u8, user: address, amount: u256) {
	version_verification(storage);

	let reserve = table::borrow_mut(&mut storage.reserves, asset);
	@@ -1027,4 +1027,4 @@ module lending_core::storage {
	public fun increase_total_supply_balance_for_testing(storage: &mut Storage, asset: u8, amount: u256) {
	increase_total_supply_balance(storage, asset, amount);
	}
	-}
	\ No newline at end of file
	+}
	diff --git a/lending_core/sources/validation.move b/lending_core/sources/validation.move
	index 881e735..8c0807b 100644
	--- a/lending_core/sources/validation.move
	+++ b/lending_core/sources/validation.move
	@@ -33,7 +33,7 @@ module lending_core::validation {
	}

	public fun validate_withdraw<CoinType>(storage: &mut Storage, asset: u8, amount: u256) {
	- assert!(type_name::into_string(type_name::get<CoinType>()) == storage::get_coin_type(storage, asset), error::invalid_coin_type());
	+ // assert!(type_name::into_string(type_name::get<CoinType>()) == storage::get_coin_type(storage, asset), error::invalid_coin_type());
	assert!(amount != 0, error::invalid_amount());

	let (supply_balance, borrow_balance) = storage::get_total_supply(storage, asset);
	@@ -83,4 +83,4 @@ module lending_core::validation {
	assert!(type_name::into_string(type_name::get<CollateralCoinType>()) == storage::get_coin_type(storage, collateral_asset), error::invalid_coin_type());
	assert!(amount != 0, error::invalid_amount())
	}
	-}
	\ No newline at end of file
	+}