Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Mismatch in Array Lengths

hunter_w3b

Summary

The code does not include any checks to ensure that the lengths of these array.

Vulnerability Details

In the provided code, there is a comment stating that the winners and percentages arrays are supposed not to be too long, implying that the loop should remain unbounded. However, the code does not include any checks to ensure that the lengths of these arrays match.

https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/Distributor.sol#L108

* The winners and percentages array are supposed not to be so long, so the loop can stay unbounded

The following code snippet illustrates the loop where the issue may arise:

https://github.com/Cyfrin/2023-08-sparkn/blob/main/src/Distributor.sol#L128-L133

for (uint256 i; i < percentagesLength;) {

totalPercentage += percentages[i];

unchecked {

++i;

}

Impact

The absence of checks to ensure that the lengths of the winners and percentages arrays could result the loop can stay unbounded.

Tools Used

Manual Review

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.