This function will increase bridgeAgentsLenght rather than bridgeAgentFactoriesLenght which will lead to improper state update in bridgeAgentFactories[] array.
Also it will lead to improper state change in bridgeAgents[] as bridgeAgentsLenght is changed unexpectedly.
This can have severe impact while traversing and fetching addresses from both arrays.
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/cfed0dfa3bebdac0993b1b42239b4944eb0b196c/src/ulysses-omnichain/RootPort.sol#L405-L411
Vulnerability details
Impact
This function will increase
bridgeAgentsLenght
rather thanbridgeAgentFactoriesLenght
which will lead to improper state update inbridgeAgentFactories[]
array.Also it will lead to improper state change in
bridgeAgents[]
asbridgeAgentsLenght
is changed unexpectedly.This can have severe impact while traversing and fetching addresses from both arrays.
Proof of Concept
https://github.com/code-423n4/2023-05-maia/blob/cfed0dfa3bebdac0993b1b42239b4944eb0b196c/src/ulysses-omnichain/RootPort.sol#L405-L411
Tools Used
Manual Review
Recommended Mitigation Steps
bridgeAgentsLenght
and addbridgeAgentFactoriesLenght
instead in the function.Assessed type
Error