code-423n4 / 2023-09-delegate-findings


Improper deletion [ FILE NAME : DelegateToken.sol ] #239

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L361

Vulnerability details

Impact

1. With the delete function, the value at that index is removed and replaced by "0" while the array size remains the same; this leads to erroneous business logic and causes improper results.

Proof of Concept

  1. https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L361

Tools Used

1. Manual audit and Solidity Visual Developer

Recommended Mitigation Steps

  1. Remove array elements by shifting right to left.
  2. Use push and pop functions to interact with array elements. Example code:

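          // Assumes a dynamic storage array declared as: uint[] public arr;
          function remove(uint _index) public {
            require(_index < arr.length, "index out of bounds");
            // Shift every element after _index one slot to the left
            for (uint i = _index; i < arr.length - 1; i++) {
              arr[i] = arr[i + 1];
            }
            // Drop the now-duplicated last element
            arr.pop();
          }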

Assessed type

Other

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof

GalloDaSballo commented 1 year ago

They are clearing a value on a fixed length array
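
Added example, not part of the original thread or the project's code: a minimal Solidity contract contrasting `delete` on one slot of a fixed-length array, the case described in the comment above, with `delete` on an element of a dynamic array. The contract, mapping and function names are hypothetical and do not come from DelegateToken.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

/// Hypothetical illustration contract; none of these names exist in the audited code.
contract DeleteSemantics {
    // Fixed-length record: every id always owns exactly three slots.
    mapping(uint256 => uint256[3]) internal fixedInfo;
    // Dynamic list: the length is part of the state and can change.
    uint256[] internal dynamicList;

    /// Load constructed sample values into both structures.
    function seed(uint256 id) external {
        fixedInfo[id] = [uint256(11), 22, 33];
        delete dynamicList; // resets the dynamic array to length 0
        dynamicList.push(11);
        dynamicList.push(22);
        dynamicList.push(33);
    }

    /// Clearing one slot of a fixed-length array resets that slot to zero.
    /// The length is a compile-time constant, so there is nothing to shrink,
    /// and push/pop are not available on this type. A zeroed slot is the
    /// intended "cleared" state, not a leftover gap.
    function clearFixed(uint256 id, uint256 slot)
        external
        returns (uint256 len, uint256 value)
    {
        delete fixedInfo[id][slot]; // reverts with a panic if slot >= 3
        return (fixedInfo[id].length, fixedInfo[id][slot]);
    }

    /// On a dynamic array, delete also zeroes the element and keeps the length.
    /// This is the only case where a stale zero entry can mislead code that
    /// treats the array as a compact list, and where shift-and-pop applies.
    function clearDynamic(uint256 index)
        external
        returns (uint256 len, uint256 value)
    {
        delete dynamicList[index]; // reverts with a panic if index >= length
        return (dynamicList.length, dynamicList[index]);
    }
}
```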