Closed c4-submissions closed 10 months ago
141345 marked the issue as insufficient quality report
141345 marked the issue as remove high or low quality report
141345 marked the issue as insufficient quality report
alex-ppg marked the issue as duplicate of #1891
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/XRandoms.sol#L15-L33
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/XRandoms.sol#L45-L47
Vulnerability details
Impact
The getWord function reverts if id is greater than or equal to 101. This is undesirable behaviour because the returnIndex function, which simply forwards its argument to getWord, is marked public, so any external caller can pass an out-of-range id and have the call revert unexpectedly.
Proof of Concept
If a user passes id = 105 to the returnIndex function (linked above), getWord is called with id = 105 and reverts when it tries to read wordsList[105 - 1]. That element does not exist: wordsList holds only 100 elements, so its valid indices are 0 to 99, and every id from 101 upwards produces an index of 100 or more and fails the array bounds check.
Tools Used
Visual Studio / Manual Review
Recommended Mitigation Steps
Use id % 100 instead of id when computing the array index, as this ensures getWord never reverts on an out-of-range input (id % 100 is always less than 100). The indexing expression that currently uses id directly should be replaced with one based on id % 100.
This does not endanger the function's intended behaviour, since it is otherwise only called with a random number as input (getWord(randomNum) in the randomWord() function).
Alternatively, at least add a require statement to the getWord function that rejects any id outside the range covered by wordsList, and add comments describing the function and its input so that users do not mistakenly call it with an id larger than 100.
Assessed type
Invalid Validation
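As an added illustration (not the project's XRandoms.sol and not part of this report), the contract below reconstructs the shape of the issue with a 100-entry placeholder word list and places the unchecked indexing next to both fixes proposed above. The contract and function names, the placeholder words and the handling of id == 0 are assumptions made for the demonstration; the real contract hard-codes its own list.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not NextGen's XRandoms.sol. A 100-entry list is filled
// with placeholder strings so the revert and the two proposed fixes can be
// exercised side by side (names and id == 0 handling are assumptions).
contract WordListDemo {
    string[100] private wordsList;

    constructor() {
        // Placeholder words "word0".."word99" (constructed sample data).
        for (uint256 i = 0; i < 100; i++) {
            wordsList[i] = string(abi.encodePacked("word", _toString(i)));
        }
    }

    // Unchecked variant, mirroring the reported behaviour: any id >= 101
    // computes an index >= 100 and the out-of-bounds read reverts with
    // Panic(0x32). id == 0 is mapped to index 0 here so the demonstration
    // is only about the upper bound.
    function getWordUnchecked(uint256 id) public view returns (string memory) {
        uint256 index = id == 0 ? 0 : id - 1;
        return wordsList[index];
    }

    // Fix 1 (the report's main suggestion): reduce modulo the list length.
    // Never reverts, but ids 100, 200, ... alias onto the first word and the
    // caller is never told that the id was out of range.
    function getWordModulo(uint256 id) public view returns (string memory) {
        uint256 reduced = id % 100;
        uint256 index = reduced == 0 ? 0 : reduced - 1;
        return wordsList[index];
    }

    // Fix 2 (the report's alternative): explicit bounds check with a readable
    // reason instead of a bare Panic. Bad input still reverts, but the
    // failure is intentional and documented at the call site.
    function getWordChecked(uint256 id) public view returns (string memory) {
        require(id <= 100, "getWord: id must be between 0 and 100");
        uint256 index = id == 0 ? 0 : id - 1;
        return wordsList[index];
    }

    // Public entry point analogous to returnIndex: whatever the word lookup
    // does with a bad id is directly reachable by any external caller.
    function returnIndex(uint256 id) external view returns (string memory) {
        return getWordChecked(id);
    }

    // Makes the revert observable without a test harness: an external
    // self-call wrapped in try/catch returns false for id >= 101 and true
    // for 0..100.
    function uncheckedSucceeds(uint256 id) external view returns (bool) {
        try this.getWordUnchecked(id) returns (string memory) {
            return true;
        } catch {
            return false;
        }
    }

    // Minimal uint -> decimal string helper for the placeholder words.
    function _toString(uint256 v) private pure returns (string memory) {
        if (v == 0) return "0";
        uint256 len;
        for (uint256 t = v; t != 0; t /= 10) len++;
        bytes memory buf = new bytes(len);
        while (v != 0) {
            len--;
            buf[len] = bytes1(uint8(48 + v % 10));
            v /= 10;
        }
        return string(buf);
    }
}
```

Deployed in Remix or Foundry, uncheckedSucceeds(100) returns true and uncheckedSucceeds(105) returns false, which is the revert the report describes. Between the two fixes, the modulo version trades the revert for silent aliasing of out-of-range ids onto in-range words, which hides caller bugs behind a valid-looking result; for a public view function the require-based variant keeps the failure explicit, which is usually the behaviour a caller would rather have.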