There is an issue with the management of the fixedOngoingWithdrawalUsers array.
Summary
Vulnerability Detail
In the finalizeVaultOngoingFixedWithdrawals function, the current approach involves iterating over the fixedOngoingWithdrawalUsers array and using the delete operator to remove user addresses. However, this method only sets the respective array elements to their default value (address(0)) without shrinking the array length.
Impact
Array bloating: Over time, the array will accumulate many address(0) elements, increasing the gas cost for subsequent operations.
Logical confusion: Handling arrays with address(0) elements may cause unexpected behavior or errors during iteration or validation.
To manage the array more efficiently, use a technique that maintains array compactness. One effective method is to swap the element to be deleted with the last element of the array, and then use the pop function to remove the last element. This reduces gas consumption and keeps the array compact.
Use mappings instead of arrays.Since reading from a mapping has constant time complexity (O(1)), it can avoid traversing the entire array.
Albort
Medium
There is an issue with the management of the
fixedOngoingWithdrawalUsersarray.Summary
Vulnerability Detail
In the
finalizeVaultOngoingFixedWithdrawalsfunction, the current approach involves iterating over thefixedOngoingWithdrawalUsersarray and using thedeleteoperator to remove user addresses. However, this method only sets the respective array elements to their default value (address(0)) without shrinking the array length.Impact
Array bloating: Over time, the array will accumulate many
address(0)elements, increasing the gas cost for subsequent operations.Logical confusion: Handling arrays with
address(0)elements may cause unexpected behavior or errors during iteration or validation.Code Snippet
https://github.com/sherlock-audit/2024-08-saffron-finance/blob/main/lido-fiv/contracts/LidoVault.sol#L601
Tool used
Manual Review
Recommendation
To manage the array more efficiently, use a technique that maintains array compactness. One effective method is to swap the element to be deleted with the last element of the array, and then use the
popfunction to remove the last element. This reduces gas consumption and keeps the array compact. Use mappings instead of arrays.Since reading from a mapping has constant time complexity (O(1)), it can avoid traversing the entire array.