search

sherlock-audit / 2024-06-allora-judging

0 stars 0 forks source link

0xsi - Lack of Validation in Encoding and Decoding in `math/collections.go` #33

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

0xsi

High

Lack of Validation in Encoding and Decoding in math/collections.go

Summary

No validation in encoding and decoding can opens the risk to malformed or malicious data beeing passed.

Vulnerability Detail

The Encode, Decode, EncodeJSON, and DecodeJSON methods do not perform any validation on the input or output data. This lack of validation can lead to incorrect encoding/decoding results or potential security vulnerabilities if malformed data is processed.

Impact

Without validation, there is a risk that malformed or malicious data could be encoded or decoded incorrectly, leading to data corruption or security issues such as denial of service or exploitation of underlying vulnerabilities.

Code Snippet

https://github.com/sherlock-audit/2024-06-allora/blob/main/allora-chain/math/collections.go#L12-L23

Tool used

Manual Review

Recommendation

Implement validation checks in the Encode, Decode, EncodeJSON, and DecodeJSON methods to ensure the data being processed is valid. This will help prevent encoding/decoding errors and potential security issues.

sherlock-admin3 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Insufficient proof