Closed sherlock-admin2 closed 7 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
I think the function works as it should and and the loop should be skipped the first time
0xAadi commented:
Invalid: wrong statement
Dobry
medium
getFeeOutputs
does not work as intended due to a wrong comparisonmedium
Summary
The
getFeeOutputs
does not work as intended due to a wrong comparison in the for loop.Vulnerability Detail
In the function
getFeeOutputs
, thefeeOutput.token
is being compared to theresult[j]
in the second for loop. The loop iterates whilej < feeCount
. The problem here is thatfeeCount
's default value is0
and it is being updated at the end of the first for loop. This means that on the first iteration of the main loop, thefeeCount
's value would not have incremented to1
, which will lead to the for loop not entering its body, therefore skipping the check and missing the0
index element.Impact
The
0
index element will be skipped which will lead to wrong functionality of the function.Code Snippet
getFeeOutputs
function:Tool used
Manual Review
Recommendation
In order to ensure that you cover the
0
index check, either add an additional check in the for loop for the case whenfeeCount
equals0
, or add an additional check for that specifical case outside of the for loop.