Submission Details
Severity:
Redundant Code Validation in Short Record Creation
Summary
The code is making sure that the id variable is smaller than uint40 however the variable is not allowed to excess this amount because the parameters registers it as uint40.
Vulnerability Details
The present code is redundant as the parameters allow the tokenId to be of type uint40 so making sure that the tokenId variable is lower than uint40 redundant.
function createShortRecord(
address asset,
address shorter,
SR status,
uint88 collateral,
uint88 ercAmount,
uint64 ercDebtRate,
uint80 zethYieldRate,
@> uint40 tokenId
) internal returns (uint8 id) {
AppStorage storage s = appStorage();
// ensure the tokenId can be downcasted to 40 bits
@> if (tokenId > type(uint40).max) revert Errors.InvalidTokenId();
uint8 nextId;
(id, nextId) = setShortRecordIds(asset, shorter);
Impact
Increased complexity of the code
Tools Used
none
Recommendations
function createShortRecord(
address asset,
address shorter,
SR status,
uint88 collateral,
uint88 ercAmount,
uint64 ercDebtRate,
uint80 zethYieldRate,
uint40 tokenId
) internal returns (uint8 id) {
AppStorage storage s = appStorage();
uint8 nextId;
(id, nextId) = setShortRecordIds(asset, shorter);
Delete redundant code.
Prize pool breakdown
Total prize
55,000 USDC
nSLOC
3,36516 USDC / LOC
50,000 USDC
5,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.