Closed sherlock-admin closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because {This is invalid because attempting to call a function with mismatched array can be considered a mallicious act and thus the expected result is to revert; but for an innocent user that dosnt know it can be considerd a valid due to revert of a called funcion but i believe for innocent users the front-end will solve this issue and make sure they put the right match}
BAICE
medium
Mismatch length of destinations and amounts's length , will cause telcoin distribution fail
Summary
No checks of array length of telcoin transfer destinations and amounts .
Vulnerability Detail
In
TelcoinDistributor:executeTransaction
, when several require() statements are passed, thebatchTelcoin
will be executed , but there is no checks ofdestinations
's length andamounts
matchness .Impact
Batch telcoin transfers will fail .
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L143-L203
some requires checks before telcoin transfer .
Telcoin transfer execution .
Tool used
Manual Review, VScode
Recommendation
Add a new
require
statement to checkdestinations
's length is equals toamounts
matchness .Duplicate of #2