Provided trade data array is not checked for matching length
Summary
orderList and signatureList are basically checked if they match by checking order.signer and recovered signer in signatureList
This is not the case for matchPaperAmount
Vulnerability Detail
If the arrays are are incorrectly passed e.g. orderList and signatureList array length = 5 and matchPaperAmount = 4 , the last order will receive 0 values, creating incorrect positions.
Delvir0
medium
Provided trade data array is not checked for matching length
Summary
orderList
andsignatureList
are basically checked if they match by checkingorder.signer
and recovered signer insignatureList
This is not the case formatchPaperAmount
Vulnerability Detail
If the arrays are are incorrectly passed e.g.
orderList
andsignatureList
array length = 5 andmatchPaperAmount
= 4 , the last order will receive 0 values, creating incorrect positions.Impact
Incorrect positions created
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/impl/JOJOExternal.sol#L140
Tool used
Manual Review
Recommendation
Check if
matchPaperAmount
matches the length oforderList
and/ orsignatureList