RDR-01M: Incorrect Validation of Array Lengths
Description:
The referenced require check within the RevenueDistributor::convertRewardTokenBatch function is meant to ensure that the input arrays are of identical length, however, it fails to do so.
Specifically, if the len is different from the _amounts.length and the _targets.length is different from the _data.length, the check will consider the lengths "valid" as false == false.
Impact:
The code permits potential compilation bugs to be exploited due to out-of-bound array access.
Example:
Recommendation:
We advise the code to validate the lengths in a sequential manner, ensuring all arrays are of equal length.
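
The following Solidity contract is an added illustration of the description and recommendation above, not the audited RevenueDistributor code. It assumes the flawed check joins two length comparisons with == and that len is the length of a first array, here called _tokens; the contract name, both function names and _tokens are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited RevenueDistributor source.
// The _tokens parameter and both function names are assumptions.
contract BatchLengthCheck {
    // Assumed shape of the flawed check: two length comparisons joined by ==.
    function flawedLengthsOk(
        address[] calldata _tokens,
        uint256[] calldata _amounts,
        address[] calldata _targets,
        bytes[] calldata _data
    ) external pure returns (bool) {
        uint256 len = _tokens.length;
        // Lengths 2, 3, 1, 4 give false == false, which evaluates to true.
        // Under this assumed form, 2, 2, 5, 5 (true == true) also passes.
        return (len == _amounts.length) == (_targets.length == _data.length);
    }

    // Sequential validation: each array is compared against the same len.
    function validatedBatch(
        address[] calldata _tokens,
        uint256[] calldata _amounts,
        address[] calldata _targets,
        bytes[] calldata _data
    ) external pure returns (uint256 total) {
        uint256 len = _tokens.length;
        require(_amounts.length == len, "amounts length mismatch");
        require(_targets.length == len, "targets length mismatch");
        require(_data.length == len, "data length mismatch");
        for (uint256 i = 0; i < len; ++i) {
            // Every index below len is now in bounds for all four arrays.
            total += _amounts[i];
        }
    }
}
```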