code-423n4 / 2024-05-gondi-mitigation-findings

M-01 MitigationConfirmed #66

Open c4-bot-1 opened 5 months ago

c4-bot-1 commented 5 months ago

Lines of code

Vulnerability details

Issue

There is a maxTranches limit in the Loan contract. However, it is only checked in addNewTranche() but not in other flows. For example, a loan could be opened with already more tranches than maxTranches.

Mitigation

The fix added the missing check for maxTranches for all flows that might add tranches. The check is added to _validateExecutionFlow(), which is a shared function between those flows.

if (block.timestamp > _executionData.executionData.expirationTime) {
    revert ExpiredOfferError(_executionData.executionData.expirationTime);
}
+ if (_executionData.executionData.offerExecution.length > getMaxTranches) {
+    revert TooManyTranchesError(); 
+ }
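
Review bot: On the added if line, the limit is enforced with a strict > against the length of offerExecution from the incoming execution data only, so a call with exactly getMaxTranches entries passes; it is worth confirming that this boundary matches the one used in addNewTranche() so every flow enforces the same cap. The identifier in the check is getMaxTranches while the description calls the limit maxTranches, so a short comment on the check naming the limit it reads would help. A regression test that executes with getMaxTranches + 1 offers and expects TooManyTranchesError would document the intended behaviour.
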
c4-judge commented 5 months ago

alex-ppg marked the issue as satisfactory