stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

Insufficient Input Validation

Summary

Insufficient input validation in the setUpdateExtraArgs() function

Vulnerability Details and Impact

The setUpdateExtraArgs() function in the provided smart contract is responsible for setting the extra arguments used for sending updates to a specific chain. This function takes two parameters: _chainSelector and _updateExtraArgs. However, the function does not perform sufficient validation on these inputs.
The function does include an if statement that checks if the chain corresponding to _chainSelector has been added to the whitelist.
However, this check only confirms that the chain is present in the whitelist. It does not validate the _updateExtraArgs itself. If _updateExtraArgs is not a valid set of arguments, the function would still proceed with the update operation, potentially leading to unexpected behavior or vulnerabilities.

Recommendations

Add additional checks to ensure that _updateExtraArgs is a valid set of arguments.

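function setUpdateExtraArgs(uint64 _chainSelector, bytes calldata _updateExtraArgs) external onlyOwner {
    // isValidArguments is not defined in this submission; it stands for the proposed validation helper.
    require(isValidArguments(_updateExtraArgs), "Invalid arguments");
    // Existing whitelist check: the destination chain must already be registered.
    require(whitelistedDestinations[_chainSelector] != address(0), "InvalidDestination()");
    // Rest of the function...
}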
Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic