stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

Insufficient Input Validation

Summary

Insufficient input validation in removeWhitelistedChain() function

Vulnerability Details and Impact

The removeWhitelistedChain() function in the provided smart contract is responsible for removing a chain from the list of whitelisted chains. This function takes one parameter: _chainSelector. While there is an if statement that confirms that the chain to be removed exists in the whitelist, it does not validate the _chainSelector itself. If the _chainSelector is not a valid identifier for a chain, the function would still proceed with the removal operation, potentially leading to unexpected behavior or vulnerabilities.

Recommendations

To further strengthen the input validation, add additional checks to ensure that _chainSelector is a valid identifier for a chain.

    function removeWhitelistedChain(uint64 _chainSelector) external onlyOwner {
        require(isValidChainSelector(_chainSelector), "Invalid chain selector");
        require(whitelistedDestinations[_chainSelector] != address(0), "InvalidDestination()");
        // Rest of the function...
    }

In this modified version of the function, the require statement at the beginning checks that _chainSelector is a valid identifier for a chain. If the check fails, the function reverts with an error message. This ensures that only valid inputs are processed by the function, thereby mitigating the risk posed by insufficient input validation.
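How the existence check described above treats a selector that was never whitelisted, as an added sketch that is not the stake.link contract and not part of the submission. Only removeWhitelistedChain, whitelistedDestinations and InvalidDestination() come from the page; the contract names, addWhitelistedChain, the other errors and the delete in the removal body are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Constructed sketch. Names other than removeWhitelistedChain,
// whitelistedDestinations and InvalidDestination() are hypothetical.
contract WhitelistSketch {
    address public immutable owner;
    mapping(uint64 => address) public whitelistedDestinations;

    error InvalidDestination();
    error AlreadyAdded();
    error NotOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    // Assumed counterpart: a selector only enters the mapping with a non-zero destination.
    function addWhitelistedChain(uint64 _chainSelector, address _destination) external onlyOwner {
        if (_destination == address(0)) revert InvalidDestination();
        if (whitelistedDestinations[_chainSelector] != address(0)) revert AlreadyAdded();
        whitelistedDestinations[_chainSelector] = _destination;
    }

    function removeWhitelistedChain(uint64 _chainSelector) external onlyOwner {
        // An unset mapping key reads as address(0), so a selector that was
        // never added reverts here before any state is touched.
        if (whitelistedDestinations[_chainSelector] == address(0)) revert InvalidDestination();
        delete whitelistedDestinations[_chainSelector]; // assumed removal body
    }
}

// Self-check: deploys the sketch (this contract becomes owner) and exercises both paths.
contract WhitelistProbe {
    function run() external returns (bool unknownReverted, bool knownRemoved) {
        WhitelistSketch w = new WhitelistSketch();
        w.addWhitelistedChain(1, address(0xBEEF)); // constructed sample values
        try w.removeWhitelistedChain(999) {} catch { unknownReverted = true; }
        w.removeWhitelistedChain(1);
        knownRemoved = w.whitelistedDestinations(1) == address(0);
    }
}
```

Calling run() on WhitelistProbe returns (true, true) under these assumptions: the removal of selector 999 reverts with InvalidDestination(), and the whitelisted selector 1 is removed.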

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
