search

code-423n4 / 2023-04-eigenlayer-findings

1 stars 1 forks source link

`indicesToSkip` array not implemented properly if array not entered in ascending order #375

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/core/StrategyManager.sol#L562

Vulnerability details

Impact

Will revert on case where the array is not provided in ascending order.

Proof of Concept

Logic not implemented correctly if indicesToSkip array not entered in ascending order. Let's consider the case where indicesToSkip is [3,1,7,9].In this case indicesToSkipIndex will not be incremented further and value of indicesToSkip[indicesToSkipIndex] will remain the same causing logical flaws in the code.

Tools Used

Manual Audit

Recommended Mitigation Steps

Checks should be implemented for indicesToSkip to ensure that the entered array is always in Ascending order.

Assessed type

Context

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #338

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

GalloDaSballo commented 1 year ago

Dowgraded to QA - R for documentation