Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { this is invalid because of how the watson explain; had he sais it will kead to unextepected behavior;it then will fall under a dupp of 001 or 002; but reverting in this case is a good thing to tell a user that something is wrong; so i consider it invalid due to lack of clear explanation}
araj
medium
Improper input validation in
telcoinDistributor::proposeTransaction
Summary
A transaction can be created with different length of
destinations
andamount
, if that happens it will revert while executing without-of-bound
errorVulnerability Detail
telcoinDistributor::proposeTransaction
is taking destinations and amounts array as inputs, there can be a scenario where there lengths are not same as there is no checks, if that happens then transaction will revert even after it has no challenge because ofout-of-bound
errorImpact
Transaction will revert even after having no challenge
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L87C1-L106C6
Tool used
Manual Review
Recommendation
Use checks in proposeTransaction()
Duplicate of #2