Reverting when the heap is full:
a) You mentioned in the comments that the function will revert if the heap is full.
b) However, the code as it stands doesn't have any logic to check if the heap is indeed full.
c) Depending on the context, you might want to add a check to ensure that the heap doesn't exceed a certain maximum size.
SOLUTION:
uint256 public maxHeapSize; // Define the maximum heap size as a state variable
function insert(uint256 itemId, uint256 value) public onlyAdmin {
require(size < maxHeapSize, "Heap is full, cannot insert more items"); // Check if the heap is full
heap[size] = itemId;
valueMapping[itemId] = value; // Update the value mapping
positionMapping[itemId] = size; // Update the position mapping
uint256 current = size;
while (current != 0 && valueMapping[heap[current]] > valueMapping[heap[parent(current)]]) {
swap(current, parent(current));
current = parent(current);
}
size++;
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/MaxHeap.sol#L119
Vulnerability details
Reverting when the heap is full: a) You mentioned in the comments that the function will revert if the heap is full. b) However, the code as it stands doesn't have any logic to check if the heap is indeed full. c) Depending on the context, you might want to add a check to ensure that the heap doesn't exceed a certain maximum size.
SOLUTION:
uint256 public maxHeapSize; // Define the maximum heap size as a state variable
constructor(uint256 _maxHeapSize) { maxHeapSize = _maxHeapSize; }
function insert(uint256 itemId, uint256 value) public onlyAdmin { require(size < maxHeapSize, "Heap is full, cannot insert more items"); // Check if the heap is full
}
Assessed type
Invalid Validation