search

sherlock-audit / 2023-04-splits-judging

4 stars 1 forks source link

moneyversed - No Input Validation for Length of Arrays in SwapperImpl.sol #22

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

moneyversed

high

No Input Validation for Length of Arrays in SwapperImpl.sol

Summary

In the flash function of SwapperImpl.sol, there is no input validation for the length of quoteParams_ array, which could lead to unpredictable behavior and potential security vulnerabilities.

Vulnerability Detail

The flash function does not validate the length of the quoteParams_ array, which can lead to unexpected behavior if an attacker submits an array with an excessive length, potentially causing a DoS attack or other security vulnerabilities.

Impact

This vulnerability could lead to unpredictable behavior, potentially impacting the availability and functionality of the platform.

Code Snippet

https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L203

Tool used

Manual Review

Recommendation

Consider adding input validation for the length of the quoteParams_ array to ensure it does not exceed a safe limit. This will help mitigate potential DoS attacks or other security vulnerabilities that may arise from processing excessively large arrays.

require(quoteParams_.length <= MAX_ARRAY_LENGTH, "Array length exceeds the limit");

Where MAX_ARRAY_LENGTH is a predefined constant that represents the maximum allowed length for the quoteParams_ array.