Open code423n4 opened 2 years ago
Likely won't change as there is still a low level array out of bounds error that would cause a failure in the scenario where the arrays don't have the same length.
This is more of a best practice, so I'll mark this as non-critical
.
Handle
hyh
Vulnerability details
Impact
On calling with arrays of different lengths various malfunctions are possible as the arrays are used as given. System then will fail with low level array access message.
Proof of Concept
batchRedeemWinningTickets:
https://github.com/livepeer/protocol/blob/streamflow/contracts/pm/mixins/MixinWrappers.sol#L15
Recommended Mitigation Steps
Require _tickets, _sigs and _recipientRands arrays lengths to match