Closed sherlock-admin2 closed 2 months ago
1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
It should be assumed that this will not extend to some length that is unreasonable since the method is controlled by the owner
unRekt
Medium
No checks present in the
getRewardSettings()
function ofVaultRewarderLib.sol
to ensure if the indexfor
loop is going out of bound, can lead to potential DoS attacks.Summary
No checks present in the
getRewardSettings()
function ofVaultRewarderLib.sol
to ensure if the indexfor
loop it can lead to data corruption and DoS attacks as the function may revert because of incorrect memory accessVulnerability Detail
In the
getRewardSettings()
function the loopdoes not check for out of bound condition.
And the length of
v
can be different fromstore
as : Value ofv
depends onVaultRewardState[](s.numRewardTokens)
Value ofstore
depends onVaultStorage.getVaultRewardState()
No checks are present to ensure if they have the same length. And as the loop runs till
i<v.length
and mapping store if updated on basis of thatstore[i]
. If length ofv
<store
: it will leave empty spots in the mapping. If length ofv
>store
: it can lead to overflow or out of bound error.Impact
No checks are present to ensure
v
andstore
have the same length as array checks for the element out of boundsCode Snippet
https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/vaults/common/VaultRewarderLib.sol#L25-L32
Tool used
Manual Review
Recommendation
Implement checks to ensure the lengths of
v
andstore
are same Implement upper bound for the loop.