search

code-423n4 / 2023-11-kelp-findings

13 stars 11 forks source link

`nodeDelegatorContracts` array should be checked for a Zero Address beforehand #774

Open c4-submissions opened 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L162-L176

Vulnerability details

Impact

If nodeDelegatorContracts is an array of five and the third address is zero the function will revert with only the first two address being pushed to the nodeDelegatorQueue.That will create a problem making duplicates or making mistakes in general

Proof of Concept

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L162-L176

Tools Used

manual review

Recommended Mitigation Steps

The check for zero Addresses should be happening before the addresses gets pushed to the nodeDelegatorQueue array

Assessed type

Other

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #69

c4-judge commented 10 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

fatherGoose1 marked the issue as grade-b