code-423n4 / 2021-12-vader-findings


Missing boundary check in USDV.sol #151

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

p4st13r4

Vulnerability details

Impact

The claim function does not check whether the provider index of the lock actually exists, leading to a waste of gas for the transaction sender.

Proof of Concept

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/tokens/USDV.sol#L122

Tools Used

Editor

Recommended Mitigation Steps

Add this check:

require(i < userLocks.length);

0xstormtrooper commented 2 years ago

Adding an additional check may be a waste of gas. The function will fail if i is out of bounds here:

https://github.com/code-423n4/2021-12-vader/blob/main/contracts/tokens/USDV.sol#L124

0xstormtrooper commented 2 years ago

https://github.com/code-423n4/2021-12-vader-findings/issues/106
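
The two options discussed in this thread, side by side, as an added Solidity sketch that is not taken from USDV.sol. The contract name, struct fields and function names are hypothetical, and a 0.8 or later compiler is assumed, where an out-of-range array index reverts with Panic(0x32).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; not the Vader USDV implementation.
contract LockIndexDemo {
    struct Lock {
        uint256 amount;   // tokens held in the lock
        uint256 release;  // timestamp after which the lock can be claimed
    }

    mapping(address => Lock[]) private locks;

    function createLock(uint256 amount, uint256 delay) external {
        locks[msg.sender].push(Lock(amount, block.timestamp + delay));
    }

    // Relies on the compiler-inserted bounds check: userLocks[i] reverts
    // with Panic(0x32) and no reason string when i >= userLocks.length.
    function claimImplicit(uint256 i) external returns (uint256) {
        Lock[] storage userLocks = locks[msg.sender];
        Lock memory lock = userLocks[i];
        return _release(userLocks, lock, i);
    }

    // Explicit check as proposed in the issue: adds a second length read and
    // comparison on top of the compiler's own check, but reverts with a
    // readable reason string before the array is indexed.
    function claimExplicit(uint256 i) external returns (uint256) {
        Lock[] storage userLocks = locks[msg.sender];
        require(i < userLocks.length, "invalid lock index");
        Lock memory lock = userLocks[i];
        return _release(userLocks, lock, i);
    }

    // Swap-and-pop removal shared by both variants.
    function _release(Lock[] storage userLocks, Lock memory lock, uint256 i)
        private
        returns (uint256)
    {
        require(block.timestamp >= lock.release, "lock not yet released");
        uint256 last = userLocks.length - 1;
        if (i != last) userLocks[i] = userLocks[last];
        userLocks.pop();
        return lock.amount;
    }
}
```

Both variants revert and roll back state for an invalid index; they differ only in the revert data returned to the caller and in the gas spent on the success path.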