20,000 USDC
Submission Details
Severity: high

Improper array delete will cause protocol DoS

Summary

Improper array deletion in Solidity will cause a protocol DoS.

Vulnerability Details

Unlike in other languages such as Java, Python and TypeScript, a Solidity array `delete` does not actually remove the element: the deleted element is set to 0 instead of being removed from the array. When `loans` is used after `delete loans[loanId];`, the related functions will not work normally, which will DoS the Lender contract.

For example, the `repay` function of the Lender contract uses `delete loans[0]` to delete index 0 from the `loans` array. After that, calls to other functions such as `giveLoan`, `startAuction` and `seizeLoan` will not work normally, because the `loan = loans[0]` structure is set to 0 instead of being removed from the array. For instance, `if (msg.sender != loan.lender) revert Unauthorized();` in the `giveLoan` function will revert directly, which will cause a protocol DoS.

Impact

The improper array delete will cause a protocol DoS.

Tools Used

vscode, manual review

Recommendations

We can remove array elements by shifting them from right to left; see reference: https://blog.solidityscan.com/improper-array-deletion-82672eed8e8d#:~:text=The%20following%20are%20the%20recommended,them%20from%20right%20to%20lef
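
The two behaviours side by side, as an added example that is not code from the audited Lender contract: `deleteInPlace` zeroes the slot and leaves the length unchanged, while `removeByShifting` applies the shift-then-pop pattern recommended above. The contract name, the reduced `Loan` struct and all function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a simplified stand-in, not the audited Lender contract.
contract ArrayDeleteDemo {
    // Assumed, reduced Loan struct; the real struct has more fields.
    struct Loan {
        address lender;
        address borrower;
        uint256 debt;
    }

    Loan[] public loans;

    function addLoan(address lender, address borrower, uint256 debt) external {
        loans.push(Loan(lender, borrower, debt));
    }

    // Pattern described in the finding: the slot is reset to its default
    // value (address(0), 0) but loans.length is unchanged.
    function deleteInPlace(uint256 loanId) external {
        delete loans[loanId];
    }

    // Recommended pattern: shift later elements left by one, then pop the
    // last slot so the array shrinks. Preserves order, costs O(n) gas.
    function removeByShifting(uint256 loanId) external {
        uint256 last = loans.length - 1; // reverts on an empty array (checked math)
        require(loanId <= last, "index out of bounds");
        for (uint256 i = loanId; i < last; i++) {
            loans[i] = loans[i + 1];
        }
        loans.pop();
    }

    function length() external view returns (uint256) {
        return loans.length;
    }

    // True when the slot still exists but holds a zeroed loan.
    function isZeroed(uint256 loanId) external view returns (bool) {
        Loan storage loan = loans[loanId];
        return loan.lender == address(0) && loan.debt == 0;
    }
}
```

Shifting changes the index of every element after the removed one, so it only suits code that does not hold on to array indices as identifiers.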
