No Input Validation for Length of Arrays in SwapperImpl.sol
Summary
In the flash function of SwapperImpl.sol, there is no input validation for the length of quoteParams_ array, which could lead to unpredictable behavior and potential security vulnerabilities.
Vulnerability Detail
The flash function does not validate the length of the quoteParams_ array, which can lead to unexpected behavior if an attacker submits an array with an excessive length, potentially causing a DoS attack or other security vulnerabilities.
Impact
This vulnerability could lead to unpredictable behavior, potentially impacting the availability and functionality of the platform.
Consider adding input validation for the length of the quoteParams_ array to ensure it does not exceed a safe limit. This will help mitigate potential DoS attacks or other security vulnerabilities that may arise from processing excessively large arrays.
require(quoteParams_.length <= MAX_ARRAY_LENGTH, "Array length exceeds the limit");
Where MAX_ARRAY_LENGTH is a predefined constant that represents the maximum allowed length for the quoteParams_ array.
moneyversed
high
No Input Validation for Length of Arrays in SwapperImpl.sol
Summary
In the flash function of SwapperImpl.sol, there is no input validation for the length of quoteParams_ array, which could lead to unpredictable behavior and potential security vulnerabilities.
Vulnerability Detail
The flash function does not validate the length of the quoteParams_ array, which can lead to unexpected behavior if an attacker submits an array with an excessive length, potentially causing a DoS attack or other security vulnerabilities.
Impact
This vulnerability could lead to unpredictable behavior, potentially impacting the availability and functionality of the platform.
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L203
Tool used
Manual Review
Recommendation
Consider adding input validation for the length of the quoteParams_ array to ensure it does not exceed a safe limit. This will help mitigate potential DoS attacks or other security vulnerabilities that may arise from processing excessively large arrays.
Where
MAX_ARRAY_LENGTH
is a predefined constant that represents the maximum allowed length for the quoteParams_ array.