code-423n4 / 2024-02-althea-liquid-infrastructure-findings


LiquidInfrastructureERC20:_afterTokenTransfer, This bug causes the loss of the original element at the last position of the array and duplicates the element at index i at the end before removing it, resulting in unintended data loss and duplication. #751

Closed c4-bot-5 closed 8 months ago

c4-bot-5 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/bd6ee47162368e1999a0a5b8b17b701347cf9a7d/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L174

Vulnerability details

Impact

Detailed description of the impact of this finding. It overwrites the element at index i with the last element and then removes the last element. This is indeed a bug because the element that was originally at the last position in the array is lost, and the element at index i is duplicated at the end of the array, which later got deleted.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Manual Review

Recommended Mitigation Steps

Using proper swapping between the index having balance '0' and the last element index and then pop (deleting) the holders array.

Assessed type

Error
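The overwrite-then-pop sequence described in the report above, as an added example that is not part of the original report and is not the Althea contract's code. The contract name, function names and the assumption that `holders` contains no duplicate addresses are hypothetical; `removeAndCheck` reports whether the array lost exactly the entry at index `i` and kept the entry that was last.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

/// Added illustration of overwrite-then-pop removal on an address array.
/// All names are hypothetical; entries are assumed to be unique.
contract SwapAndPopDemo {
    address[] public holders;

    constructor(address[] memory initial) {
        holders = initial;
    }

    /// Overwrite slot i with the last element, then pop the last slot.
    /// A full swap would additionally write the removed value into the
    /// last slot, which pop() deletes immediately afterwards.
    function removeAt(uint256 i) public {
        require(i < holders.length, "index out of range");
        holders[i] = holders[holders.length - 1];
        holders.pop();
    }

    /// Linear membership test, used only for the checks below.
    function contains(address who) public view returns (bool) {
        for (uint256 j = 0; j < holders.length; j++) {
            if (holders[j] == who) return true;
        }
        return false;
    }

    /// Removes holders[i] and returns true when all of these hold:
    ///  - the length shrank by exactly one,
    ///  - the removed address is no longer present,
    ///  - the address that was last is still present
    ///    (unless it was itself the one removed, i.e. i == length - 1).
    function removeAndCheck(uint256 i) external returns (bool) {
        require(i < holders.length, "index out of range");
        address removed = holders[i];
        address last = holders[holders.length - 1];
        uint256 lenBefore = holders.length;

        removeAt(i);

        bool lastKept = (removed == last) || contains(last);
        return holders.length == lenBefore - 1 && !contains(removed) && lastKept;
    }
}
```

Calling `removeAndCheck` with `i` equal to the last index, or on a single-element array, exercises the edge case where the slot is overwritten with itself before the pop.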

c4-pre-sort commented 9 months ago

0xRobocop marked the issue as insufficient quality report

c4-judge commented 8 months ago

0xA5DF marked the issue as unsatisfactory: Invalid

0xA5DF commented 8 months ago

No impact demonstrated