code-423n4 / 2024-05-predy-validation


Valid Pairs Incorrectly Marked as Invalid #609

Closed c4-bot-9 closed 3 months ago

c4-bot-9 commented 3 months ago

Lines of code

[RebalancingLibrary.sol](https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/RebalancingLibrary.sol#L26-L42)

Vulnerability details

Impact:

Lack of proper validation for parameters can introduce unforeseen behavior and security risks in the protocol.

Proof of Concept:

Consider the following code from RebalancingLibrary.sol:

```solidity
function rebalance(
    GlobalDataLibrary.GlobalData storage globalData,
    uint256 pairId,
    int256 tradeAmount,
    int256 tradeAmountSqrt,
    bytes memory settlementData
) external returns (RebalancingResult memory result) {
    // Code omitted for brevity
}
```

Parameters such as pairId, tradeAmount, and tradeAmountSqrt do not contain validation checks, which will lead to potential issues during execution.

Tool Used:

Manual Review.

Recommended Mitigation Steps:

Validation checks should be introduced for parameters so as to ensure they are within expected ranges and readily adhere to protocol requirements:

diff function rebalance( GlobalDataLibrary.GlobalData storage globalData, uint256 pairId, int256 tradeAmount, int256 tradeAmountSqrt, bytes memory settlementData ) external returns (RebalancingResult memory result) {
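
Review bot: the proposed diff ends at the opening brace of `rebalance` and carries no `+` lines, so none of the checks the surrounding text calls for are actually shown. List the concrete condition for each of `pairId`, `tradeAmount` and `tradeAmountSqrt` (for example an allowed range or a non-zero requirement) as added `require` lines, so the mitigation can be checked against the omitted function body.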

Incorporating these checks guarantees the validity of parameters, thereby preventing unintended behavior within the protocol.

Failing to address these vulnerabilities could result in substantial financial losses and operational inefficiencies within the protocol. Swiftly adopting the recommended mitigation measures will bolster security and reinforce user confidence and trust.

Assessed type

Other