search

code-423n4 / 2023-09-delegate-findings

2 stars 1 forks source link

[M-02] Out of bounds array access in CreateOfferer contract #23

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L68 https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L85

Vulnerability details

Impact

Detailed description of the impact of this finding. Out of bounds array access refers to a situation where you attempt to access an element in an array at an index that is outside the valid range of indices for that array. This can have a significant impact on the functionality and security of a smart contract. Here are some potential impacts of out-of-bounds array access:

Runtime Errors: When you try to access an array element at an invalid index, it will result in a runtime error. This can cause the entire transaction to fail and consume gas without achieving the intended functionality.

Data Corruption: Accessing out-of-bounds elements can corrupt the data stored in the contract's storage. This can lead to unexpected behavior and loss of data integrity, which is a serious concern for smart contracts.

Security Vulnerabilities: In some cases, out-of-bounds array access can be exploited by malicious actors to manipulate contract state or execute attacks. For example, an attacker might try to overflow an array to overwrite important contract variables or manipulate the contract's behavior.

Gas Consumption: Even if the out-of-bounds access does not directly result in an error, it can still consume a significant amount of gas. Gas is a critical resource in Ethereum, and inefficient code can make transactions expensive or unfeasible.

Contract Freezing: In certain cases, repeated out-of-bounds array accesses can lead to the contract becoming "frozen" or unusable. This occurs when all state-changing functions become too costly to execute due to excessive gas consumption.

User Experience: Users interacting with a contract that experiences out-of-bounds array accesses may have a poor experience. Transactions may fail unexpectedly, leading to frustration and confusion.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

// https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L68
     * @param context The upper bits of context should be encoded with the CreateOffererStruct
// https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/CreateOfferer.sol#L85
     * @param targetTokenReceiver Is the receiver of the intended targetToken, the delegate / principal token

Tools Used

Mythx. VS Code.

Recommended Mitigation Steps

To mitigate the impact of out-of-bounds array access, developers should follow best practices when writing Solidity smart contracts:

Always check the array index before accessing it to ensure it falls within valid bounds. Use safe math libraries to prevent arithmetic overflows and underflows. Consider using dynamic arrays when the size of the array is not known in advance. Utilize error handling mechanisms in Solidity to gracefully handle exceptional cases and revert transactions when necessary. Implement thorough testing and code audits to identify and fix potential vulnerabilities, including out-of-bounds array access.

Assessed type

Access Control

GalloDaSballo commented 1 year ago

See 20

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

GalloDaSballo commented 1 year ago

Using MythX is not sufficient, please use those automated findings to construct real attacks