code-423n4 / 2023-09-delegate-findings


Improper deletion [ FILE NAME : DelegateToken.sol ] #239

Closed c4-submissions closed 12 months ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L361

Vulnerability details

Impact

1. With the delete function, the value at that index is removed and replaced by "0" while the array size remains the same; this leads to erroneous business logic and causes improper results.

Proof of Concept

  1. https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L361

Tools Used

1. Manual audit and Solidity Visual Developer

Recommended Mitigation Steps

  1. Remove array elements by shifting right to left.
  2. Use push and pop functions to interact with array elements.

EXAMPLE CODE:

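          uint[] public arr;

          // Remove the element at _index, preserving the order of the rest.
          function remove(uint _index) public {
            require(_index < arr.length, "index out of bounds");
            // Shift every later element one slot to the left.
            for (uint i = _index; i < arr.length - 1; i++) {
              arr[i] = arr[i + 1];
            }
            // Drop the now-duplicated last element; length shrinks by one.
            arr.pop();
          }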

Assessed type

Other

c4-judge commented 12 months ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof

GalloDaSballo commented 12 months ago

They are clearing a value on a fixed length array
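
The distinction the thread turns on, as an added example that is not part of the original issue and not code from DelegateToken.sol: `delete` on one slot of a fixed-length array resets a field of a record, while `delete` on an element of a dynamic array leaves a zero entry that iterating code may treat as live data. The contract, constants and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration; every name here is hypothetical.
contract DeleteSemantics {
    // Fixed-length record: each index is a named field, the length is always 3.
    uint256 internal constant AMOUNT = 0;
    uint256 internal constant APPROVED = 1;
    uint256 internal constant EXPIRY = 2;
    mapping(uint256 => uint256[3]) internal info;

    // Dynamic list: consumers iterate it, so a zeroed slot is a stale entry.
    uint256[] public queue;

    function setInfo(uint256 id, uint256 approved, uint256 expiry) external {
        info[id][APPROVED] = approved;
        info[id][EXPIRY] = expiry;
    }

    // Resets one field to its default value; EXPIRY and AMOUNT are untouched.
    // This is the intended way to clear a field of a fixed-size record.
    function clearApproved(uint256 id) external {
        delete info[id][APPROVED];
    }

    function getInfo(uint256 id) external view returns (uint256[3] memory) {
        return info[id];
    }

    function enqueue(uint256 v) external {
        queue.push(v);
    }

    // Leaves a zero "hole": queue.length is unchanged after this call.
    function deleteInPlace(uint256 i) external {
        delete queue[i];
    }

    // Order-preserving removal: shift left, then pop. O(n) storage writes.
    function removeOrdered(uint256 i) external {
        require(i < queue.length, "index out of bounds");
        for (uint256 j = i; j + 1 < queue.length; j++) {
            queue[j] = queue[j + 1];
        }
        queue.pop();
    }
}
```

When reviewing a `delete arr[i]` finding, check the declared type first: a shift-and-pop fix only applies to dynamic arrays and would not compile against a `uint256[3]`.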