Open code423n4 opened 2 years ago
Not an issue.
It's checked in _transferOperatorship
Dup #16
Per the sponsor comment, as well as: https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/contracts/auth/AxelarAuthWeighted.sol#L103-L104
if (operatorIndex == operatorsLength) revert MalformedSigners();
If the length surpasses operatorsLength
we'll get a revert, meaning that while the check will help with an earlier revert, it wont' cause any vulnerability.
I think because early failure is a coding convention, the finding is a valid Refactoring but not a vulnerability
Did Not Check If The
operators
andweights
Array Length Is The SameThe
AxelarAuthWeighted._validateSignatures
function did not validate that theoperators
andweights
array length are the same.https://github.com/code-423n4/2022-07-axelar/blob/3729dd4aeff8dc2b8b9c3670a1c792c81fc60e7c/contracts/auth/AxelarAuthWeighted.sol#L86
Recommendation
Implement the following check to ensure that the
operators
andweights
array length are the same.