Description:
The EnumerableSet library returns a boolean value indicating success or failure when adding or removing elements. However, in the LM_PC_Bounties_v1 contract, the return value of contributorAddressToClaimIds.add is not checked.
Impact:
This oversight can result in the contract not functioning as intended.
Mitigation:
Ensure that the return value of the add method in EnumerableSet is checked and handled appropriately. Modify the code to require the add operation to succeed:
for (uint i; i < length;) {
c.contributors.push(contributors[i]);
// add ClaimId to each contributor address accordingly
- contributorAddressToClaimIds[contributors[i].addr].add(claimId);
+ require(contributorAddressToClaimIds[contributors[i].addr].add(claimId), "Failed to add claimId to contributor address");
unchecked {
++i;
}
}
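Review bot: the require on the + line makes the whole call revert whenever add returns false, and EnumerableSet's add returns false when the value is already in the set, so a contributors array that lists the same addr twice for this claimId would now fail instead of being stored. Confirm that rejecting that input is intended; if it is, check the array for duplicate addresses before the loop and revert with a specific error, and if it is not, leave the call unchecked and add a comment stating that the false return is ignored on purpose.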
By adding the require statement, the contract will revert if the add operation fails, ensuring that the contributorAddressToClaimIds mapping is correctly updated and preventing potential inconsistencies.
It doesn't matter if there are duplicates in there. The field is only used for user information.
Even if the add returns false, it just means there is a duplicate in the list, and even that case is fine.
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x7dcc57162ba02495ba70c6c84e2e6e57e9fba37b1b99fcbba2309d40f4a80edc
Severity: low