The initializedVaults function within the smart contract is designed to retrieve a list of vault addresses based on a specified range defined by startIndex and endIndex. There is a potential issue with how the indices are interpreted, leading to the possible exclusion of the vault at endIndex_.
Vulnerability Detail
The function uses exclusive indexing for the endIndex_, which means that the vault at this index is not included in the returned list. This exclusive behavior is not inherently flawed but can be non-intuitive if users expect the endpoint to be included.
Impact
Users may misinterpret the function parameters, leading to incorrect assumptions about the data returned. This can cause confusion or lead to errors in how the function is used.
Clarify Documentation: Enhance the documentation within the smart contract and any external documentation to explicitly state that endIndex_ is exclusive. This clarification will help ensure that developers and users of the contract have correct expectations.
Consider Aligning with Common Practices: Assess the common practices and expectations within the ecosystem in which the contract operates. If inclusive indexing is more common or expected by the majority of the contract users, consider adjusting the function to include endIndex_ in the returned results.
0xrobsol
medium
Indexing Behavior in initializedVaults Function
Summary
The initializedVaults function within the smart contract is designed to retrieve a list of vault addresses based on a specified range defined by startIndex and endIndex. There is a potential issue with how the indices are interpreted, leading to the possible exclusion of the vault at endIndex_.
Vulnerability Detail
The function uses exclusive indexing for the endIndex_, which means that the vault at this index is not included in the returned list. This exclusive behavior is not inherently flawed but can be non-intuitive if users expect the endpoint to be included.
Impact
Users may misinterpret the function parameters, leading to incorrect assumptions about the data returned. This can cause confusion or lead to errors in how the function is used.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisStandardManager.sol#L530-L549
Tool used
Manual Review
Recommendation
Clarify Documentation: Enhance the documentation within the smart contract and any external documentation to explicitly state that endIndex_ is exclusive. This clarification will help ensure that developers and users of the contract have correct expectations.
Consider Aligning with Common Practices: Assess the common practices and expectations within the ecosystem in which the contract operates. If inclusive indexing is more common or expected by the majority of the contract users, consider adjusting the function to include endIndex_ in the returned results.