Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BasketHandler.sol#L296
Vulnerability details
Backup collaterals are used in the contract to ensure that the basket (or pool) of assets remains balanced and meets predefined target weights even if some primary assets are unavailable or unsuitable. In BasketLib.sol, when adding the backup ERC20s, the loop iterates over backup.erc20s.length to add each given ERC20 to the backup. However, in BasketHandler.sol, when setting up the backup config, the loop iterates over erc20s.length instead of backup.erc20s.length.
The right loop: https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/mixins/BasketLib.sol#L252
The problematic loop: https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/BasketHandler.sol#L296
Impact
Wrong backup ERC20 tokens will be added, which can lead to other issues for the protocol. If invalid tokens are added, they can disrupt the backup process. They may not be usable when the system needs them, leading to failures in the backup strategy and possibly leaving the system vulnerable if primary tokens fail.
Mitigation
Iterate over backup.erc20s.length instead of erc20s.length.
Assessed type
Loop