search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Proud Wintergreen Butterfly - Missing error propagation in set_range_handler function can lead to wrong calculations #88

Open sherlock-admin3 opened 13 hours ago

sherlock-admin3 commented 13 hours ago

Proud Wintergreen Butterfly

Medium

Missing error propagation in set_range_handler function can lead to wrong calculations

Summary

The set_range_handler function in the wooracle module does not properly propagate errors from the update_range_max call due to the missing ? operator. This omission can lead to silent failures, where the function appears to succeed even when an error has occurred.

Vulnerability Detail

In the set_range_handler function, the ? operator is used to propagate errors from the update_range_min function call, but is missing from the subsequent update_range_max call. The ? operator is essential for propagating errors to the caller. Without it, any error returned by update_range_max is ignored, and the function returns Ok(()) even when the operation fails.

Impact

This could lead to silent failures where the range_max value is not updated as expected. The wooracle may remain in an inconsistent state because the function incorrectly indicates success. Incorrect setup of the range_max variable can result in wrong calculations and functioning of the protocol.

Code Snippet

line missing the operator

Tool used

Manual Review

Recommendation

Add the ? operator to the update_range_max call in the set_range_handler function to ensure proper error propagation. This will prevent silent failures and ensure that the function returns an error when update_range_max fails.

pub fn set_range_handler(
    ctx: Context<SetWooStateOnlyGuardian>,
    range_min: u128,
    range_max: u128,
) -> Result<()> {
     ctx.accounts.wooracle.update_range_min(range_min)?;
—    ctx.accounts.wooracle.update_range_max(range_max)   
++   ctx.accounts.wooracle.update_range_max(range_max)?
}