XO-getBucketStateStakeInfo function get Incorrect bucketId_ check
Summary
The getBucketStateStakeInfo function has a vulnerability that does not check if the bucket ID exists before returning any information so this can be exploit and can the attacker call the function with a bucket ID that does not exist, and the function would return incorrect information about the LP amount.
-The vulnerability is in the `getBucketStateStakeInfo` function it's returns the `LP` amount and the exchange rate for a given bucket and a given stake, at stake time, the function does not check if the bucket exists. means that if an attacker calls the function with a bucket ID that does not exist, the function will return incorrect information.
## Impact
- the vulnerability can cause a material loss of funds.
## Code Snippet
- https://github.com/sherlock-audit/2023-04-ajna/blob/main/ajna-core/src/interfaces/rewards/IRewardsManagerState.sol#L70C4-L75C2
## Tool used
Manual Review
## Recommendation
This can be fixing this problem :
```solidity
if (bucketId_ >= stakeInfo.snapshot.length) {
// Bucket does not exist
return (0, 0);
}
XDZIBEC
medium
XO-
getBucketStateStakeInfo
function get IncorrectbucketId_
checkSummary
getBucketStateStakeInfo
function has a vulnerability that does not check if the bucket ID exists before returning any information so this can be exploit and can the attacker call the function with a bucket ID that does not exist, and the function would return incorrect information about theLP
amount.Vulnerability Detail
}