Submission Details
Severity: medium

The dynamic arrays `tokenAddresses` and `priceFeedAddresses` must be supplied as matching pairs, but the constructor does not verify this

Summary

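The dynamic arrays `tokenAddresses` and `priceFeedAddresses` must be supplied as matching pairs: the entry at each index of one array belongs to the entry at the same index of the other. The constructor does not verify this.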

tokenAddresses1 ---> priceFeedAddresses1
tokenAddresses2 ---> priceFeedAddresses2
tokenAddresses3 ---> priceFeedAddresses3

Vulnerability Details

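The first, second and subsequent entries of `tokenAddresses` and `priceFeedAddresses` must line up in the same order. The constructor checks only that the two arrays have the same length; it does not check their ordering or contents.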

src/DSCEngine.sol:
111 //////////////////
112: constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) { // registers each collateral token with the price feed found at the same array index
113: // USD Price Feeds
114: if (tokenAddresses.length != priceFeedAddresses.length) { // the only input validation in this constructor: equal array lengths
115: revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
116: }
117: // For example ETH / USD, BTC / USD, MKR / USD, etc
118: for (uint256 i = 0; i < tokenAddresses.length; i++) {
119: s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i]; // pairing is purely positional; a repeated token overwrites the feed stored for it earlier
120: s_collateralTokens.push(tokenAddresses[i]); // pushed without a zero-address or duplicate check, so a repeated token is listed twice
121: }
122: i_dsc = DecentralizedStableCoin(dscAddress); // dscAddress is cast and stored as given
123: }

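Impact

If the two arrays are passed in a different order, each token is silently mapped to another token's price feed (line 119), so the engine would read the wrong price for that collateral.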

Tools Used

Manual code review

Recommendations

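contract DSCEngine {
    // Reverted with by the audited constructor when the two arrays differ in length.
    error DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
    // The two errors below are new in this recommendation; they are not part of the audited contract.
    error DSCEngine__ZeroAddressNotAllowed();
    error DSCEngine__DuplicateCollateralToken(address token);

    address[] public s_collateralTokens;
    mapping(address => address) public s_priceFeeds;
    DecentralizedStableCoin public i_dsc;

    /// @notice Registers every collateral token together with the price feed at the same index.
    /// @dev What the constructor can enforce on-chain is limited to structural checks:
    ///      equal array lengths, no zero token or feed address, and no token listed twice.
    ///      It cannot tell whether a given feed actually prices the token it is paired with,
    ///      because nothing on-chain links a feed address to an asset. Index alignment of the
    ///      two arrays therefore still has to be verified in the deployment script and its tests.
    ///      A single collateral pair is accepted, as in the audited constructor.
    /// @param tokenAddresses Collateral token addresses.
    /// @param priceFeedAddresses USD price feed addresses; entry i belongs to tokenAddresses[i].
    /// @param dscAddress Address of the DecentralizedStableCoin contract.
    constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
        if (tokenAddresses.length != priceFeedAddresses.length) {
            revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
        }
        // For example ETH / USD, BTC / USD, MKR / USD, etc
        for (uint256 i = 0; i < tokenAddresses.length; i++) {
            address token = tokenAddresses[i];
            address feed = priceFeedAddresses[i];
            // A zero entry on either side means the pair is incomplete; reject it instead of
            // storing a token without a feed (or a feed under the zero token).
            if (token == address(0) || feed == address(0)) {
                revert DSCEngine__ZeroAddressNotAllowed();
            }
            // A non-zero stored feed means this token was already registered earlier in the
            // array. Without this check the later entry would overwrite the earlier feed and
            // the token would appear twice in s_collateralTokens.
            if (s_priceFeeds[token] != address(0)) {
                revert DSCEngine__DuplicateCollateralToken(token);
            }
            s_priceFeeds[token] = feed;
            s_collateralTokens.push(token);
        }
        i_dsc = DecentralizedStableCoin(dscAddress);
    }
}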
