Open code423n4 opened 3 years ago
shw
Out-of-bound index access is possible in the function getAnchorPrice of Router.sol if the number of anchors equals 1 or 2. Also, the returned anchor price is not the overall median in those situations.
getAnchorPrice
Router.sol
Referenced code: Router.sol#L288
None
Consider using arrayPrices.length/2 as the index to get the median of prices.
arrayPrices.length/2
duplicate of #213
0x1d00ffff
commented
3 years ago
Handle
shw
Vulnerability details
Impact
Out-of-bound index access is possible in the function
getAnchorPriceofRouter.solif the number of anchors equals 1 or 2. Also, the returned anchor price is not the overall median in those situations.Proof of Concept
Referenced code: Router.sol#L288
Tools Used
None
Recommended Mitigation Steps
Consider using
arrayPrices.length/2as the index to get the median of prices.