code-423n4 / 2023-04-eigenlayer-findings


[M-1] Potential DoS attack due to unchecked array lengths in loop #378

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/core/DelegationManager.sol#L172

Vulnerability details

[M-1] Potential DoS attack due to unchecked array lengths in loop

Impact

If strategies and shares have different lengths and the code uses them in a loop without checking their lengths, it could potentially cause an out-of-bounds error, which could lead to a Denial-of-Service (DoS) attack.

Proof of Concept

For example, if strategies has a length of 5 and shares has a length of 3, the loop will only iterate 3 times (for i equal to 0, 1, and 2) before reaching the end of the shorter array. However, the code assumes that both arrays have the same length and will continue to execute as if the loop has iterated 5 times. This could lead to unexpected behavior or even crash the contract.

If an attacker is able to provide strategies and shares arrays of different lengths, they could potentially cause the contract to enter an unexpected state or even consume all the available gas, causing a DoS attack. Therefore, it is important to check the lengths of the arrays before using them in the loop to prevent such an attack.

Tools Used

Manual.

Recommended Mitigation Steps

Add the following statement: require(strategies.length == shares.length, "DelegationManager.decreaseDelegatedShares: input length mismatch");

Instances

https://github.com/code-423n4/2023-04-eigenlayer/blob/5e4872358cd2bda1936c29f460ece2308af4def6/src/contracts/core/DelegationManager.sol#L172

Assessed type

DoS
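
The index-paired loop this report describes, as an added example that is not part of the original report and is not EigenLayer's code. It shows how mismatched `strategies` and `shares` arrays behave with and without the recommended length check; the contract `PairedArrayDemo`, its `recorded` mapping, its three functions and the 0.8.x compiler version are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12; // assumed compiler version; the report does not state one

/// Hypothetical contract for illustration only; not EigenLayer's DelegationManager.
contract PairedArrayDemo {
    /// Hypothetical bookkeeping: shares recorded per strategy address.
    mapping(address => uint256) public recorded;

    /// Test helper: give a strategy a starting balance.
    function seed(address strategy, uint256 amount) external {
        recorded[strategy] = amount;
    }

    /// No length check: the loop bound comes from `strategies` alone.
    /// - `shares` shorter: `shares[i]` fails the bounds check, the call reverts
    ///   with Panic(0x32) and every earlier write in this call is rolled back.
    ///   Since 0.8.0 a panic uses REVERT, so unused gas is returned.
    /// - `shares` longer: the surplus entries are never read, so malformed
    ///   input is accepted without any signal to the caller.
    function decreaseUnchecked(
        address[] calldata strategies,
        uint256[] calldata shares
    ) external {
        for (uint256 i = 0; i < strategies.length; ++i) {
            recorded[strategies[i]] -= shares[i];
        }
    }

    /// With the check: both mismatch directions fail before any state is
    /// touched, with a reason string that names the cause.
    function decreaseChecked(
        address[] calldata strategies,
        uint256[] calldata shares
    ) external {
        require(
            strategies.length == shares.length,
            "PairedArrayDemo.decreaseChecked: input length mismatch"
        );
        for (uint256 i = 0; i < strategies.length; ++i) {
            recorded[strategies[i]] -= shares[i];
        }
    }
}
```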

0xSorryNotSorry commented 1 year ago

OOS --> [L‑07] Array lengths not checked

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

OOS and also not an attack, but a mistake / QA