code-423n4 / 2023-10-wildcat-findings


Underflow can occur in codebase #683

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L85-L96
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L128-L139
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L171-L182
https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L214-L225

Vulnerability details

Impact

Because of the lack of input validation, underflow can occur in the code.

Proof of Concept

https://github.com/code-423n4/2023-10-wildcat/blob/main/src/WildcatArchController.sol#L85C1-L96C4

  function getRegisteredBorrowers(
    uint256 start,
    uint256 end
  ) external view returns (address[] memory arr) {
    uint256 len = _borrowers.length();
    end = MathUtils.min(end, len);
    uint256 count = end - start;
    arr = new address[](count);
    for (uint256 i = 0; i < count; i++) {
      arr[i] = _borrowers.at(start + i);
    }
  }

In this code, there is no input validation for the variables `start` and `end`, which could potentially lead to underflow issues.

For instance, the following line of code: `uint256 count = end - start;`. This lack of input validation is a recurring issue in multiple functions throughout the codebase.

Tools Used

Manual Review

Recommended Mitigation Steps

Add the input validation code.

function getRegisteredBorrowers(
    uint256 start,
    uint256 end
) external view returns (address[] memory arr) {
    uint256 len = _borrowers.length();
    end = MathUtils.min(end, len);
    // Validate after clamping: a `start` beyond `len` would otherwise still
    // make `end - start` underflow once `end` has been reduced to `len`.
    require(end >= start, "End must be greater than or equal to start");
    uint256 count = end - start;
    arr = new address[](count);
    for (uint256 i = 0; i < count; i++) {
        arr[i] = _borrowers.at(start + i);
    }
}

Assessed type

Under/Overflow
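The range handling discussed in the report above, as an added stand-alone example that is not part of the original submission or the audited code base. It assumes a Solidity 0.8 or later compiler, where `end - start` is checked arithmetic; `PagedRegistry`, `InvalidRange`, `add`, `sliceUnvalidated`, `sliceValidated` and the plain array are hypothetical names standing in for the contract's enumerable set and `MathUtils.min`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: stand-alone model of a paginated getter. All names here are
// hypothetical; the plain array replaces the contract's enumerable set.
contract PagedRegistry {
    error InvalidRange(uint256 start, uint256 end, uint256 len);

    address[] private _borrowers;

    function add(address borrower) external {
        _borrowers.push(borrower);
    }

    // No range check: under checked arithmetic, `end - start` reverts with
    // Panic(0x11) when the clamped `end` is below `start`; it does not wrap.
    function sliceUnvalidated(uint256 start, uint256 end)
        external view returns (address[] memory arr)
    {
        uint256 len = _borrowers.length;
        if (end > len) end = len;
        uint256 count = end - start;
        arr = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            arr[i] = _borrowers[start + i];
        }
    }

    // Range check placed after the clamp, so it also covers `start > len`,
    // and the caller gets a descriptive error instead of a bare panic.
    function sliceValidated(uint256 start, uint256 end)
        external view returns (address[] memory arr)
    {
        uint256 len = _borrowers.length;
        if (end > len) end = len;
        if (start > end) revert InvalidRange(start, end, len);
        uint256 count = end - start;
        arr = new address[](count);
        for (uint256 i = 0; i < count; i++) {
            arr[i] = _borrowers[start + i];
        }
    }
}
```

With three registered addresses, a call with `start = 5, end = 10` passes an `end >= start` check made before the clamp but fails one made after it, because `end` is first reduced to 3.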

c4-pre-sort commented 10 months ago

minhquanym marked the issue as duplicate of #11

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality