Open code423n4 opened 2 years ago
WatchPug
Most of the for loops in the codebase use < to control the loop:
<
for (uint i=0; i<len; i++) {
However, in Zapper.sol, all 7 for loops are using !=:
Zapper.sol
!=
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L79-L79
for (uint i=0; i!=spenders.length; i++) {
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L87-L87
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L110-L110
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L126-L126
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L131-L131
Using for (uint i=0; i!=len; i++) {} to control for loops introduces inconsistent code style.
for (uint i=0; i!=len; i++) {}
Change from != to < for all for loops.
fixed in https://github.com/AmbireTech/adex-protocol-eth/commit/10a88d499e44ff083307fded4631e59f5acef7e1
Agree with the finding, using < is more consistent and simpler to understand Sponsor has mitigated
Handle
WatchPug
Vulnerability details
Most of the for loops in the codebase use
<
to control the loop:However, in
Zapper.sol
, all 7 for loops are using!=
:https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L79-L79
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L87-L87
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L110-L110
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L126-L126
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/wallet/Zapper.sol#L131-L131
Using
for (uint i=0; i!=len; i++) {}
to control for loops introduces inconsistent code style.Recommendation
Change from
!=
to<
for all for loops.