Open c4-submissions opened 11 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #69
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L162-L176
Vulnerability details
Impact
If
nodeDelegatorContracts
is an array of five and the third address is zero the function will revert with only the first two address being pushed to thenodeDelegatorQueue
.That will create a problem making duplicates or making mistakes in generalProof of Concept
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L162-L176
Tools Used
manual review
Recommended Mitigation Steps
The check for zero Addresses should be happening before the addresses gets pushed to the
nodeDelegatorQueue
arrayAssessed type
Other