XO- revokeLPTransferors function prevent users from transferring LP tokens
Summary
The vulnerability can loop to delete elements from the allowances_ mapping that it should not delete. This could lead to incorrect behavior in the contract.
Vulnerability Detail
function revokeLPTransferors(
mapping(address => bool) storage allowances_,
address[] calldata transferors_
) external {
uint256 transferorsLength = transferors_.length;
for (uint256 i = 0; i < transferorsLength; ) {
delete allowances_[transferors_[i]];
unchecked { ++i; }
}
emit RevokeLPTransferors(
msg.sender,
transferors_
);
}
this delete allowances_[transferors_[i]]; make a problem that line will delete the the transferors_[i] element from the allowances_ mapping, but it will not update the i index. so that the next time the loop is gone to iterates, it will try to delete the element at index
i + 1, which may not exist.
Impact
the vulnerability can cause the loop to delete elements from the allowances_ mapping that it should not delete.
XDZIBEC
medium
XO-
revokeLPTransferorsfunction prevent users fromtransferring LP tokensSummary
The vulnerability can loop to delete elements from the
allowances_mapping that it should not delete. This could lead to incorrect behavior in the contract.Vulnerability Detail
delete allowances_[transferors_[i]];make a problem that line will delete the thetransferors_[i]element from theallowances_mapping, but it will not update theiindex. so that the next time the loop is gone to iterates, it will try to delete the element at indexi + 1, which may not exist.Impact
allowances_mapping that it should not delete.Code Snippet
Tool used
Manual Review
Recommendation
iindex after deleting the element from theallowances_mapping.