Evert0x
commented
3 years ago This is already checked for @ https://github.com/code-423n4/2021-07-sherlock/blob/main/contracts/facets/Manager.sol#L105, right?
Closed code423n4 closed 3 years ago
Evert0x
commented
3 years ago This is already checked for @ https://github.com/code-423n4/2021-07-sherlock/blob/main/contracts/facets/Manager.sol#L105, right?
ghoul-sol
commented
3 years ago looks like the check is there, invalid
Handle
cmichel
Vulnerability details
The
Manager.setProtocolPremiumrequires that_token[i].length == _premium[i].lengthfor eachi. This is checked in the lastsetProtocolPremiumAndTokenPricebut not insetProtocolPremium(bytes32[] memory _protocol, IERC20[][] memory _token, uint256[][] memory _premium)at line ~94.Recommendation
Check
require(_token[i].length == _premium[i].length, 'LENGTH_4');in this function as well.