contract Router.
anchorPrice = _sortedAnchorFeed[2]; // Return the middle
Here it hardcodes the middle index, so it assumes that it never changes. However, anchorLimit can be changed by function setAnchorParams. Also, I think it doesn't make sense to allow setting anchorLimit to a lower value than it was before because there is no possibility to remove the anchor and other functions will still iterate over arrayAnchors.length.
Recommended Mitigation Steps
Better use arrayAnchors.length / 2 as the middle price.
dmvt
commented
3 years ago
Handle
paulius.eth
Vulnerability details
Impact
contract Router. anchorPrice = _sortedAnchorFeed[2]; // Return the middle Here it hardcodes the middle index, so it assumes that it never changes. However, anchorLimit can be changed by function setAnchorParams. Also, I think it doesn't make sense to allow setting anchorLimit to a lower value than it was before because there is no possibility to remove the anchor and other functions will still iterate over arrayAnchors.length.
Recommended Mitigation Steps
Better use arrayAnchors.length / 2 as the middle price.