code-423n4 / 2022-06-putty-findings


Condition check to verify the floorAssetTokenIds and order.floorTokens length can be improved for robustness. #382

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L405
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L297

Vulnerability details

Impact

Invalid condition check could lead to unexpected consequences

Proof of Concept

require(floorAssetTokenIds.length == order.floorTokens.length, "Wrong amount of floor tokenIds");
require(floorAssetTokenIds.length == order.floorTokens.length, "Wrong amount of floor tokenIds");

What if both token array lengths are zero? In this case, it may get executed.

Tools Used

VS Code

Recommended Mitigation Steps

Include a validity check, such as requiring that both token array lengths be greater than zero.

GalloDaSballo commented 2 years ago

Order can have zero floor tokens

outdoteth commented 2 years ago

Confirming what @GalloDaSballo said