Lines of code
https://github.com/code-423n4/2024-06-panoptic/blob/main/contracts/base/MetadataStore.sol#L30
Vulnerability details
Impact
The constructor in MetadataStore.sol does not check that the lengths of the properties, indices and pointers arrays match.
Proof of Concept
    constructor(
        bytes32[] memory properties,
        uint256[][] memory indices,
        Pointer[][] memory pointers
    ) {
        for (uint256 i = 0; i < properties.length; i++) {
            for (uint256 j = 0; j < indices[i].length; j++) {
@>              metadata[properties[i]][indices[i][j]] = pointers[i][j];
            }
        }
    }
}
Tools Used
Recommended Mitigation Steps
require(properties.length == indices.length);
require(properties.length == pointers.length);
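A fuller form of the checks above, as an added example that is not part of the original report or the project's code. It goes beyond the two outer checks by also comparing each inner indices[i] and pointers[i] pair. The contract name, the error names, the Pointer definition and the mapping declaration are assumptions made so the sketch compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.8;

// Assumption: stand-in for the project's Pointer type, which the report does not show.
type Pointer is uint256;

// Hypothetical contract name: the reported constructor with length checks added.
contract MetadataStoreChecked {
    // Hypothetical error names; they carry the observed lengths for easier debugging.
    error OuterLengthMismatch(uint256 propertiesLen, uint256 indicesLen, uint256 pointersLen);
    error InnerLengthMismatch(uint256 row, uint256 indicesLen, uint256 pointersLen);

    // Assumption: storage shape inferred from the assignment in the reported constructor.
    mapping(bytes32 => mapping(uint256 => Pointer)) internal metadata;

    constructor(
        bytes32[] memory properties,
        uint256[][] memory indices,
        Pointer[][] memory pointers
    ) {
        // Outer arrays: one row of indices and one row of pointers per property.
        if (properties.length != indices.length || properties.length != pointers.length) {
            revert OuterLengthMismatch(properties.length, indices.length, pointers.length);
        }

        for (uint256 i = 0; i < properties.length; i++) {
            // Inner arrays: every index must have exactly one pointer.
            if (indices[i].length != pointers[i].length) {
                revert InnerLengthMismatch(i, indices[i].length, pointers[i].length);
            }
            for (uint256 j = 0; j < indices[i].length; j++) {
                metadata[properties[i]][indices[i][j]] = pointers[i][j];
            }
        }
    }
}
```

Under Solidity 0.8 and later, a too-short indices or pointers array already reverts with an out-of-bounds panic; the explicit checks additionally reject surplus rows or entries that the original loop would skip without any error.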
Assessed type
Context