sherlock-audit / 2024-01-telcoin-judging


iberry - input array length must check be the same in proposeTransaction or batchTelcoin #170

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

iberry

high

input array length must check be the same in proposeTransaction or batchTelcoin

Summary

The proposeTransaction and batchTelcoin functions accept two array parameters, but don't validate that their lengths are identical.

Vulnerability Detail

The proposeTransaction function accepts two array parameters and isn't required to validate that their lengths are identical. If the CouncilMember input is misleading, it may lose tokens because of the safeTransfer transfer error during the batchTelcoin process.

Impact

medium, may cause token loss

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L87-L102
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L185-L196

Tool used

Manual Review

Recommendation

require(destinations.length == amounts.length) at proposeTransaction or batchTelcoin

Duplicate of #2

sherlock-admin2 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { There is no way this will cause token loss and it's the same as issue 164 and 001}