DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Lack of validation for the 'shortHintArray' parameter

Summary

Inputs provided by users or other external sources are used directly without checking for validity, correctness, or authenticity.

Vulnerability Details

The 'shortHintArray' parameter of the 'liquidate' function is passed directly to the 'createForcedBid' function in the IDiamond contract without any validation. This could cause problems if the array contains unexpected values.

Impact

Tools Used

Manual

Recommendations

To resolve this issue, you should add a validation check for the shortHintArray parameter in the liquidate function. This could involve checking that the array is not empty and that the values within the array are within expected bounds. Here is a simple example of how you could implement this:

    // Reject an empty hint array.
    require(shortHintArray.length > 0, "shortHintArray cannot be empty");
    for (uint i = 0; i < shortHintArray.length; i++) {
        // MAX_VALUE is a placeholder for the maximum expected element value.
        require(shortHintArray[i] >= 0 && shortHintArray[i] <= MAX_VALUE, "Invalid value in shortHintArray");
    }

Replace MAX_VALUE with the maximum expected value for elements in shortHintArray. This will ensure that all values in the array are within the expected range and prevent potential issues caused by unexpected values.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
