salvorio / salvor-contracts


[AMR-04M] Inexistent Validation of Input Array Lengths #6

Open HKskn opened 4 months ago

HKskn commented 4 months ago

AMR-04M: Inexistent Validation of Input Array Lengths

| Type | Severity | Location |
| --- | --- | --- |
| Input Sanitization | | AssetManager.sol:L291 |

Description:

The referenced function does not ensure that the array lengths are matching, causing potentially undefined behaviour to arise due to out-of-bound array access.

Example:

```solidity
/**
 * @notice Allows batch transfer of multiple NFTs.
 * @param _addresses Array of NFT collection addresses.
 * @param _tokenIds Array of NFT token IDs corresponding to the addresses.
 * @param _to The destination address for the NFTs.
 */
function batchTransfer(address[] calldata _addresses, uint256[] calldata _tokenIds, address _to) external {
    uint256 len = _addresses.length;
    require(len <= 50, "exceeded the limits");
    // Only _addresses.length is bounded; _tokenIds.length is never compared to it,
    // so the loop below indexes _tokenIds[i] without knowing that element exists.
    for (uint64 i; i < len; ++i) {
        IERC721Upgradeable(_addresses[i]).safeTransferFrom(msg.sender, _to, _tokenIds[i]);
    }
}
```

Recommendation:

We advise a require check to be introduced ensuring that all input arguments share the same length.
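The hardened form of the function, as an added example that is not code from the salvor-contracts repository or from the issue author. The contract name `BatchTransferExample`, the `MAX_BATCH` constant and the revert strings are assumptions for illustration; the OpenZeppelin upgradeable import path is the standard one for `IERC721Upgradeable`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts-upgradeable/token/ERC721/IERC721Upgradeable.sol";

/// @dev Added example, not project code. Contract name and MAX_BATCH are assumptions.
contract BatchTransferExample {
    /// @dev Mirrors the `len <= 50` bound in the original function.
    uint256 public constant MAX_BATCH = 50;

    /**
     * @notice Allows batch transfer of multiple NFTs.
     * @param _addresses Array of NFT collection addresses.
     * @param _tokenIds Array of NFT token IDs corresponding to the addresses.
     * @param _to The destination address for the NFTs.
     */
    function batchTransfer(
        address[] calldata _addresses,
        uint256[] calldata _tokenIds,
        address _to
    ) external {
        uint256 len = _addresses.length;
        require(len <= MAX_BATCH, "exceeded the limits");
        // The check the issue recommends: both input arrays must have the same length,
        // so every _addresses[i] has exactly one matching _tokenIds[i] and no
        // trailing token IDs are silently ignored.
        require(len == _tokenIds.length, "array length mismatch");
        for (uint256 i; i < len; ++i) {
            IERC721Upgradeable(_addresses[i]).safeTransferFrom(msg.sender, _to, _tokenIds[i]);
        }
    }
}
```

Two points worth keeping in mind when reviewing the fix. Under Solidity 0.8 an out-of-bounds read of a calldata array does not read garbage; it reverts with `Panic(0x32)`, so a `_tokenIds` array shorter than `_addresses` fails the whole call after the gas for the preceding transfers has been spent. The opposite case, a `_tokenIds` array longer than `_addresses`, does not revert at all: the surplus IDs are ignored and the caller gets no signal that part of the request was dropped. The equality check above closes both cases with one comparison, and it is placed before the loop so a malformed call is rejected before any token moves.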

HKskn commented 4 months ago

Fixed