search

code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

Missing equality check on lengths of tokens/weights arrays #158

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

Missing equality check on lengths of tokens and their weights in multiple places.

Example: Different lengths of inputTokens and inputWeights could cause reverts (inputTokens.length > inputWeights.length) or undefined behavior in case of mismatches (inputTokens.length < inputWeights.length).

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L69-L87

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L69-L87

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L42-L43

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add require(tokens.length == weights.length) in all places where users input tokens and their weights.

frank-beard commented 2 years ago

not an exploit

GalloDaSballo commented 2 years ago

Duplicate of #111