hats-finance / Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2

Smart contracts for the Metrom project.
GNU General Public License v3.0

shadowing-local 5 occurrences #36

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: --

Twitter username: @benoitonchain

Submission hash (on-chain): 0x162d7db6aeb40fa1bfc62e9305f0368a39dddd61378ca5b4e8b6fee7bfe0d858

Severity: low

Description:

The vulnerability "shadowing-local" occurs when a local variable in a function has the same name as a function or variable in a higher scope, causing the local variable to "shadow" or hide the higher scope entity. This can lead to confusion and unintended behavior in the code, as the local variable takes precedence over the higher scope entity within the function where it is declared. This can result in unexpected behavior or errors when trying to access the higher scope entity within that function. It is important to avoid shadowing local variables to maintain code clarity and prevent potential issues in the program.

Attack Scenario: /

Attachments

  1. Proof of Concept (PoC) File: There are 5 occurrences:

     - https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/main/src/IMetrom.sol#L317
     - https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/main/src/IMetrom.sol#L397
     - https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/main/src/IMetrom.sol#L391
     - https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/main/src/IMetrom.sol#L346
     - https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/main/src/IMetrom.sol#L337

  2. Revised Code File (Optional): For instance, IMetrom.sol#L317

function ossified() external returns (bool ossified);

To rectify the vulnerability in the code snippet provided, you should rename the local variable ossified to avoid shadowing the function ossified. This shadowing can lead to confusion and potential errors in the code.

Here is the corrected version:

function ossified() external returns (bool isOssified);

By renaming the local variable to isOssified, you ensure clarity and prevent any unintended consequences that may arise from shadowing a function with a variable of the same name.
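Added example, not part of the original report or of the Metrom code base: a minimal Python check for the one pattern the report describes, a named parameter or return variable that reuses the name of a function declared in the same interface. The sample interface is constructed, the names `find_shadowing`, `declared_names` and `IExample` are hypothetical, and the check assumes one contract or interface per source string with no tuple or function-typed arguments.

```python
import re

# Constructed sample, not the project's IMetrom.sol; only the `ossified`
# declaration mirrors the line quoted in the report.
SAMPLE = """
interface IExample {
    function ossified() external returns (bool ossified);
    function owner() external view returns (address);
    function fee() external view returns (uint32 currentFee);
    function setFee(uint32 fee) external;
    function transferOwnership(address newOwner) external;
}
"""

DECL_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^;{]*)[;{]")
RETURNS_RE = re.compile(r"returns\s*\(([^)]*)\)")
# A trailing token from this set is a data location or modifier, not a name.
NOT_A_NAME = {"memory", "calldata", "storage", "payable"}


def declared_names(arg_list):
    """Return the variable names in a Solidity parameter or return list."""
    names = []
    for item in arg_list.split(","):
        tokens = item.split()
        if len(tokens) >= 2 and tokens[-1] not in NOT_A_NAME:
            names.append(tokens[-1])
    return names


def find_shadowing(source):
    """List (line, function, kind, name) where a local reuses a function name."""
    decls = list(DECL_RE.finditer(source))
    function_names = {m.group(1) for m in decls}
    findings = []
    for m in decls:
        line = source.count("\n", 0, m.start()) + 1
        returns = RETURNS_RE.search(m.group(3))
        scopes = [("parameter", m.group(2)),
                  ("return variable", returns.group(1) if returns else "")]
        for kind, arg_list in scopes:
            for name in declared_names(arg_list):
                if name in function_names:
                    findings.append((line, m.group(1), kind, name))
    return findings


if __name__ == "__main__":
    for line, func, kind, name in find_shadowing(SAMPLE):
        print(f"line {line}: {kind} '{name}' in {func}() shadows function {name}()")
```

Unnamed returns such as `returns (address)` are skipped, so only declarations that actually introduce a colliding identifier are reported.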

luzzif commented 3 months ago

This is mostly informational and doesn't impact the contract.