DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
View results
Submission Details
Severity: medium
Invalid

Lack of Validation for Asset Addresses

Summary

Missing Validation mechanism

Vulnerability Details

The current contract is missing a crucial validation mechanism for asset addresses.the validation should ideally be implemented in the functions increaseCollateral, decreaseCollateral, and combineShorts

Impact

While it doesn't directly lead to a loss of funds or a critical failure of the contract, it can cause transactions to fail or behave unexpectedly if an invalid address is provided

Tools Used

Manual

Recommendations

To mitigate the identified issue, it is recommended to incorporate a function that validates the asset address prior to executing any operations. This function should confirm that the address is non-zero and a contract is present at the specified address. Here is a simplified example of how this could be implemented:

function isValidAddress(address _address) internal view returns (bool) {
if (_address == address(0)) {
return false;
}
uint size;
assembly { size := extcodesize(_address) }
return size > 0;
}

Subsequently, this function can be utilized within your increaseCollateral, decreaseCollateral, and combineShorts functions as illustrated below:

function increaseCollateral(address asset, uint8 id, uint88 amount)
external
isNotFrozen(asset)
nonReentrant
onlyValidShortRecord(asset, msg.sender, id)
{
require(isValidAddress(asset), "Invalid asset address");
// rest of the function
}

This implementation will validate the asset address prior to performing any operations, thereby minimizing the risk of fund loss due to incorrect addresses.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.