DittoETH
Ditto
DeFiFoundryOracle
55,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

FlaggerIdCounter is not used as intended

talfao

Summary

In the codebase, the flaggerIdCounter is currently limited to uint16, whereas its intended usage was up to uint24. This limitation restricts the number of flags that can be set simultaneously.

Vulnerability Details

The issue is found in the following line of code: Link to code. It enforces that the flaggerIdCounter should be of type uint16, contrary to its intended type, which is uint24. The correct type is specified in the AppStorage.sol structure:

struct AppStorage {
address admin;
address ownerCandidate;
address baseOracle;
uint24 flaggerIdCounter; // This should be uint24

This finding was submitted after discussions with the sponsor, who acknowledged this issue as low priority and agreed to address it.

Impact

This issue results in the underutilization of flaggerIDCounter, as it was originally intended to accommodate values up to uint24, not just uint16.

Tools Used

Manual code review

Recommendations

To address this issue, modify the code as follows:

...
- } else if (s.flaggerIdCounter < type(uint16).max) {
- //@dev generate brand new flaggerId
+} else if (s.flaggerIdCounter < type(uint24).max) {
+ //@dev generate brand new flaggerId
...

These changes will ensure that flaggerIdCounter behaves as intended with a maximum value of uint24.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-241

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.