```solidity
function getRegisteredBorrowers(
    uint256 start,
    uint256 end
) external view returns (address[] memory arr) {
    uint256 len = _borrowers.length();
    end = MathUtils.min(end, len);
    uint256 count = end - start;
    arr = new address[](count);
    for (uint256 i = 0; i < count; i++) {
        arr[i] = _borrowers.at(start + i);
    }
}
```
In this code, there is no input validation for the variables `start` and `end`, which could potentially lead to underflow issues.
For instance, the following line of code:
```solidity
uint256 count = end - start;
```
This lack of input validation is a recurring issue in multiple functions throughout the codebase.
Tools Used
Manual Review
Recommended Mitigation Steps
Add the input validation code.
```solidity
function getRegisteredBorrowers(
    uint256 start,
    uint256 end
) external view returns (address[] memory arr) {
    require(end >= start, "End must be greater than or equal to start");
    uint256 len = _borrowers.length();
    end = MathUtils.min(end, len);
    uint256 count = end - start;
    arr = new address[](count);
    for (uint256 i = 0; i < count; i++) {
        arr[i] = _borrowers.at(start + i);
    }
}
```
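An added example, not part of the original report or the Wildcat code base, contrasting the `require` from the mitigation above with a variant that clamps both bounds before subtracting. It assumes Solidity 0.8 or later, where a `uint256` subtraction that would go below zero reverts with `Panic(0x11)`; the contract name, the `add` helper and the plain `address[]` standing in for `_borrowers` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: stand-alone model of the paginated getter, not Wildcat code.
/// A plain address[] stands in for the enumerable set behind _borrowers.
contract PaginationExample {
    address[] private _items; // hypothetical storage

    function add(address a) external {
        _items.push(a);
    }

    /// Variant with the require from the mitigation above.
    /// It rejects end < start with a readable message, but still reverts with
    /// Panic(0x11) when start > length: end is clamped to length after the
    /// check and ends up smaller than start.
    function pageWithRequire(uint256 start, uint256 end)
        external view returns (address[] memory arr)
    {
        require(end >= start, "End must be greater than or equal to start");
        uint256 len = _items.length;
        end = end < len ? end : len;
        uint256 count = end - start;
        arr = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            arr[i] = _items[start + i];
        }
    }

    /// Variant that clamps both bounds first, so every input yields a valid
    /// (possibly empty) slice and the subtraction cannot underflow.
    function pageClamped(uint256 start, uint256 end)
        external view returns (address[] memory arr)
    {
        uint256 len = _items.length;
        if (end > len) end = len;
        if (start > end) start = end;
        uint256 count = end - start;
        arr = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            arr[i] = _items[start + i];
        }
    }
}
```

Whether an out-of-range page should revert or return an empty array is a design choice; the clamped variant picks the empty array so off-chain callers can page past the end without handling a revert.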
Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L85-L96
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L128-L139
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L171-L182
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L214-L225
Vulnerability details
Impact
Because of the lack of input validation, an underflow can occur in the code.
Proof of Concept
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L85C1-L96C4
Assessed type
Under/Overflow