search

code-423n4 / 2022-01-insure-findings

2 stars 0 forks source link

Gas: `PoolTemplate:initialize()::_references` should be a fixed array of size 5 #346

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

Fixed arrays are less expensive than dynamic arrays and would implicitely add the array.length check

Proof of Concept

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L181

Tools Used

VS Code

Recommended Mitigation Steps

Make _references a fixed array of size 5. I submitted a similar finding for _conditions. While the initialize function is indeed inherited from IUniversalMarket, this is in PoolTemplate that these arrays are the largest. Their bounds should then respectively be 5 and 2.

oishun1112 commented 2 years ago

same reason as https://github.com/code-423n4/2022-01-insure-findings/issues/345

0xean commented 2 years ago

dupe of #345