In cancelVouch, voucherIndexes is incorrectly update, messing up the whole accountability and ultimately leading to loss of funds for stakers
Vulnerability Detail
Here, vouchers[borrower][vouchers[borrower].length - 1] is moved but
voucherIndexes is not updated. So the user that created vouchers[borrower][vouchers[borrower].length - 1] cannot modify this voucher anymore has voucherIndexes is incorrect.
Impact
Affected users will not be able to close or update their trust amounts anymore, hence will lose funds.
Picodes
high
voucherIndexesis incorrectly updatedSummary
In
cancelVouch,voucherIndexesis incorrectly update, messing up the whole accountability and ultimately leading to loss of funds forstakersVulnerability Detail
Here,
vouchers[borrower][vouchers[borrower].length - 1]is moved butvoucherIndexesis not updated. So the user that createdvouchers[borrower][vouchers[borrower].length - 1]cannot modify thisvoucheranymore hasvoucherIndexesis incorrect.Impact
Affected users will not be able to close or update their
trustamounts anymore, hence will lose funds.Tool used
Manual Review
Recommendation
Add the following line:
voucherIndexes[borrower][vouchers[borrower][vouchers[borrower].length - 1].staker].idx = voucherIndex.idxDuplicate of #157