We cache an address if it is new in the mapping addressLookup. But it can be overwritten by anyone in the current case.
Vulnerability Detail
function _cacheAddress(address value) private {
uint256 index = addressCache.length;
addressCache.push(value);
addressLookup[value] = index;
emit AddressAddedToCache(value, index);
}
Here, there is no check to ensure that the value is not already cached in another index. thus can be overwritten.
Impact
Result will be
addressLookup mapping will not work as intended. Hence if any external actors or protocols use this mapping as a source of truth , it will hamper them.
supernova
medium
Cached Address can be changed by anyone
Summary
We cache an address if it is new in the mapping
addressLookup. But it can be overwritten by anyone in the current case.Vulnerability Detail
Here, there is no check to ensure that the
valueis not already cached in another index. thus can be overwritten.Impact
Result will be
addressLookupmapping will not work as intended. Hence if any external actors or protocols use this mapping as a source of truth , it will hamper them.Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/multiinvoker/MultiInvokerRollup.sol#L201-L207
Tool used
Manual Review
Recommendation
Check that
require addressLookup[value] ==(0) ;