Provided trade data array is not checked for matching length
Summary
orderList and signatureList are basically checked if they match by checking order.signer and recovered signer in signatureList
This is not the case for matchPaperAmount
Vulnerability Detail
If the arrays are are incorrectly passed e.g. orderList and signatureList array length = 5 and matchPaperAmount = 4 , the last order will receive 0 values, creating incorrect positions.
Delvir0
medium
Provided trade data array is not checked for matching length
Summary
orderListandsignatureListare basically checked if they match by checkingorder.signerand recovered signer insignatureListThis is not the case formatchPaperAmountVulnerability Detail
If the arrays are are incorrectly passed e.g.
orderListandsignatureListarray length = 5 andmatchPaperAmount= 4 , the last order will receive 0 values, creating incorrect positions.Impact
Incorrect positions created
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/impl/JOJOExternal.sol#L140
Tool used
Manual Review
Recommendation
Check if
matchPaperAmountmatches the length oforderListand/ orsignatureList