DittoETH

Summary

In the onlyValidShortRecord modifier, there is a potential issue with the validation logic. The modifier is intended to check the validity of a short record for a given asset and shorter by verifying the id against the maxId and some specific conditions. However, there is a logical flaw in the condition that checks whether the id is less than Constants.SHORT_STARTING_ID.

Vulnerability Details

The following line of code checks if the id is less than Constants.SHORT_STARTING_ID:

 if (id < Constants.SHORT_STARTING_ID) revert Errors.InvalidShortId();

The problem with this condition is that it assumes Constants.SHORT_STARTING_ID is a valid lower boundary for the id, but it doesn't take into account the actual valid range for id. Depending on the contract's requirements and design, Constants.SHORT_STARTING_ID might not always be the correct lower boundary for id, which could lead to incorrect validation.

Impact

The bug can lead to incorrect validation of short records if the Constants.SHORT_STARTING_ID is not the correct lower boundary for id. This means that short records that should be considered valid may be rejected, or invalid short records may be accepted.

Tools Used

Manual review

Recommendations

To fix this issue, the contract's design and logic to determine the correct lower boundary for id and update the condition accordingly. If Constants.SHORT_STARTING_ID is indeed the correct lower boundary, then ensure that it is properly defined and documented in the contract. If not, make the necessary adjustments to validate id based on the correct criteria.