code-423n4 / 2023-08-dopex-findings


Array Mismatch in RdpxV2Core.sol #2160

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L258-L259

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L124-L136

Vulnerability details

Impact

reserveTokens and reserveAsset are not synced because reserveTokens was not initialized in the constructor.

Proof of Concept

The RdpxV2Core.sol contract stores the reserve token information and also uses another array to track only the reserve token symbols. The problem is that there is a mismatch: the constructor pushes a dummy ZERO token but forgets to push the equivalent value ZERO to reserveTokens. When addAssetTotokenReserves() is then called to add a new asset, it pushes both reserveAsset.push(asset) and reserveTokens.push(_assetSymbol), so the current index of the former is 1 and the latter is 0, and there is a mismatch there.

Tools Used

Manual

Recommended Mitigation Steps

Add reserveTokens.push("ZERO"); in the constructor right after the reserveAsset.push(zeroAsset); so both arrays are synced.

Assessed type

Other
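The two-array layout this report describes, as an added example that is not part of the original report and is not the project's code. It is a simplified model: only reserveAsset, reserveTokens and the "ZERO" entry come from the report; the contract name, struct fields, addAsset, syncSymbols and arraysInSync are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model of the layout described in the report (not RdpxV2Core itself).
// Hypothetical names: ReserveArraysModel, the struct fields, addAsset,
// syncSymbols, arraysInSync.
contract ReserveArraysModel {
    struct ReserveAsset {
        address tokenAddress;
        uint256 tokenBalance;
        string tokenSymbol;
    }

    ReserveAsset[] public reserveAsset; // full reserve records
    string[] public reserveTokens;      // symbols only

    // syncSymbols = false models the constructor as the report describes it;
    // syncSymbols = true applies the report's recommended extra push.
    constructor(bool syncSymbols) {
        reserveAsset.push(ReserveAsset(address(0), 0, "ZERO"));
        if (syncSymbols) {
            reserveTokens.push("ZERO");
        }
    }

    // Stand-in for the add function named in the report: pushes to both arrays.
    function addAsset(address token, string memory symbol) external {
        reserveAsset.push(ReserveAsset(token, 0, symbol));
        reserveTokens.push(symbol);
    }

    // Invariant check: equal lengths and the same symbol at every index.
    function arraysInSync() external view returns (bool) {
        if (reserveAsset.length != reserveTokens.length) return false;
        for (uint256 i = 0; i < reserveAsset.length; i++) {
            if (
                keccak256(bytes(reserveAsset[i].tokenSymbol)) !=
                keccak256(bytes(reserveTokens[i]))
            ) return false;
        }
        return true;
    }
}
```

Deployed with syncSymbols = false, arraysInSync() returns false from deployment onward because the lengths differ by one; with true it holds after every addAsset call.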

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #340

c4-pre-sort commented 1 year ago

bytes032 marked the issue as duplicate of #1770

c4-pre-sort commented 1 year ago

bytes032 marked the issue as sufficient quality report

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid