listForSale() does not adequately check array length
Attack Scenario

    function listForSale(uint256[] calldata _mNftTokenIds, uint256[] calldata _targetTNftTokenIds, address[] calldata _reservedBuyers) external onlyAdmin {
        require(_mNftTokenIds.length == _reservedBuyers.length, "Input arrays must be the same length");
        for (uint256 i = 0; i < _mNftTokenIds.length; i++) {
            uint256 mNftTokenId = _mNftTokenIds[i];
            reservedBuyers[mNftTokenId] = _reservedBuyers[i];
            targetTNftTokenIds[mNftTokenId] = _targetTNftTokenIds[i];
            membershipNft.safeTransferFrom(msg.sender, address(this), mNftTokenId, 1, "");
        }
    }

In the code, only the lengths of the _mNftTokenIds and _reservedBuyers arrays are checked, requiring that they must have the same length. However, there is no length check for the _targetTNftTokenIds array. This can lead to a situation where the array lengths do not match, resulting in undefined behavior or data inconsistency.
Github username: @9olidity
Twitter username: --
Submission hash (on-chain): 0xdb01facb24c06bcd0157bee74d976a638d94428de1bb57ae903b777dc3260f91
Severity: low
Attachments
_targetTNftTokenIds.length != _mNftTokenIds.length
Revised Code File (Optional)
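
Added example, not part of the submission or the project's own code: the function from the report with the missing comparison in place, so all three arrays are validated before any storage write or transfer. The contract name `ListingSketch`, the `IMembershipNft` interface (ERC-1155 is assumed from the five-argument call), the admin modifier and the receiver hook are assumptions made to keep the block self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal interface: only the call used on the page is declared.
interface IMembershipNft {
    function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
}

// Hypothetical wrapper contract; the admin check stands in for the project's own.
contract ListingSketch {
    IMembershipNft public immutable membershipNft;
    address public immutable admin;
    mapping(uint256 => address) public reservedBuyers;
    mapping(uint256 => uint256) public targetTNftTokenIds;

    modifier onlyAdmin() {
        require(msg.sender == admin, "Caller is not the admin");
        _;
    }

    constructor(IMembershipNft _membershipNft) {
        membershipNft = _membershipNft;
        admin = msg.sender;
    }

    function listForSale(
        uint256[] calldata _mNftTokenIds,
        uint256[] calldata _targetTNftTokenIds,
        address[] calldata _reservedBuyers
    ) external onlyAdmin {
        uint256 n = _mNftTokenIds.length;
        // Check all three lengths before any storage write or transfer. With only the
        // original check, a shorter _targetTNftTokenIds reverts mid-loop on the
        // out-of-bounds read and a longer one has its extra entries silently ignored.
        require(_reservedBuyers.length == n, "Input arrays must be the same length");
        require(_targetTNftTokenIds.length == n, "Input arrays must be the same length");
        for (uint256 i = 0; i < n; i++) {
            uint256 mNftTokenId = _mNftTokenIds[i];
            reservedBuyers[mNftTokenId] = _reservedBuyers[i];
            targetTNftTokenIds[mNftTokenId] = _targetTNftTokenIds[i];
            membershipNft.safeTransferFrom(msg.sender, address(this), mNftTokenId, 1, "");
        }
    }

    // ERC-1155 receiver hook so the safeTransferFrom into this contract is accepted.
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external returns (bytes4) {
        return this.onERC1155Received.selector;
    }
}
```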