code-423n4 / 2021-09-defiprotocol-findings


Risk of memory overflow #268

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

0xsanson

Vulnerability details

Impact

It's possible to overflow the memory in multiple points in the contract, for example by having a long list of tokens and weights:

    function settleAuction(
        uint256[] memory bountyIDs,
        address[] memory inputTokens,
        uint256[] memory inputWeights,
        address[] memory outputTokens,
        uint256[] memory outputWeights
    ) public override {

This can lead to unintended behavior and possible exploits, since we would have multiple variables pointing to the same memory cells.

Proof of Concept

    grep -rP '\[\] memory' .

Tools Used

editor

Recommended Mitigation Steps

Consider limiting the length of tokens and weight in all possible functions.

frank-beard commented 2 years ago

Without a description of unintended behavior or a possible exploit, this report is not very useful.

GalloDaSballo commented 2 years ago

Agree with the sponsor, this submission lacks any POC and details. It also seems like this was an issue with Solidity v <= 0.6.5: https://blog.soliditylang.org/2020/04/06/memory-creation-overflow-bug/

In lack of evidence, POC and any detail, am marking this invalid.