Closed code423n4 closed 2 years ago
As addAddress
is only owner, this is a low issue at best as the array length cannot be arbitrarily increased
disagree with severity: low severity due to onlyOwner function.
@toshiSat @Picodes
It's onlyOwner
method but the logic is wrong, so you don't need to attack nothing or have a bad actor here, if the owner try to remove an address, the service will be denied, that's cannot be low...
@0x1f8b indeed, but it seems in the important function of the contract it won't revert due to the test contracts[i] != address(0)
@0x1f8b indeed, but it seems in the important function of the contract it won't revert due to the test
contracts[i] != address(0)
Lines of code
https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L93
Vulnerability details
Impact
The
contracts
length will always increase because theremoveAddress()
function just deleting the value inside the array and never decrease the length by callingpop()
method. This can lead to Dos when calling functions that doing loop oncontracts
storage: https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L16 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L36 https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/BatchRequests.sol#L91Recommended Mitigation Steps
Implement the pop() method for dynamic array so we can avoid unnecessary storage reading for zero value in the future