The proofSubmitters[withdrawalHash].push(msg.sender); keeps on appending the proof submitters address array for the given withdrawal hash, the length of this array is returned via the numProofSubmitters function which could be used by diff offchain tools.
But here the same msg.sender could be added multiple times. Hence the above array does not provide the number of different proof submitters but provides the number of times the proofs were submitted
Impact
there can be a issue of having duplicate addresses in the array therby increasing the array length
no check for duplicate addresses in the array
Low/Info issue submitted by Shield
Summary
no check for duplicate addresses in the array
Vulnerability Detail
The
proofSubmitters[withdrawalHash].push(msg.sender);keeps on appending the proof submitters address array for the given withdrawal hash, the length of this array is returned via the numProofSubmitters function which could be used by diff offchain tools.But here the same msg.sender could be added multiple times. Hence the above array does not provide the number of different proof submitters but provides the number of times the proofs were submitted
Impact
there can be a issue of having duplicate addresses in the array therby increasing the array length
Code Snippet
https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/L1/OptimismPortal2.sol#L324
Tool used
Manual Review
Recommendation
use
AddressListin place of the array to avoid duplicate addresses.