_skipResults is intended to help break up fetching market info for a given mode into multiple calls. Let us assume that the total market size for a mode is N, where N > marketInfoResults, the number of results to return. However, the current implementation will return null values for the first _skipResults indexes. This means that if _skipResults >= marketInfoResults, the returned values will all be null, which is not the expected behaviour.
Proof of Concept
Assume the following:
A specified mode has a total of 100 markets with the same state.
marketInfoResults = 20, so we retrieve 20 per batch call.
The first call to retrieve the latest 20 markets (because iteration starts from the back) for the specified mode will be fine. An attempt to retrieve the next 20 markets is performed by calling getMarketInfo() with _skipResults = 20.
Splidge
commented
3 years ago
Handle
hickuphh3
Vulnerability details
Impact
_skipResultsis intended to help break up fetching market info for a given mode into multiple calls. Let us assume that the total market size for a mode isN, whereN > marketInfoResults, the number of results to return. However, the current implementation will return null values for the first_skipResultsindexes. This means that if_skipResults >= marketInfoResults, the returned values will all be null, which is not the expected behaviour.Proof of Concept
Assume the following:
marketInfoResults= 20, so we retrieve 20 per batch call.The first call to retrieve the latest 20 markets (because iteration starts from the back) for the specified mode will be fine. An attempt to retrieve the next 20 markets is performed by calling
getMarketInfo()with_skipResults = 20.