stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: high
Invalid

Unhandled Exceptions

Summary

Unhandled exceptions in the distributeRewards() function

Vulnerability Details and Impact

In the loop where the contract iterates over the distributionAmounts array, the code assumes that the lengths of the _rewardTokens and _rewardTokenAmounts arrays are equal, but there's no explicit check for this. If these arrays have different lengths, the loop may try to access an element beyond the end of one of the arrays, resulting in an ArrayIndexOutOfBoundsException.

    for (uint256 i = 0; i < _rewardTokens.length; ++i) {
        if (_rewardTokenAmounts[i] != 0) {
            numRewardTokensToTransfer++;
        }
    }

Recommendations

Add a check to ensure that the loops do not exceed the bounds of the arrays.

    require(_rewardTokens.length == _rewardTokenAmounts.length, "Input arrays must have the same length");
    for (uint256 i = 0; i < _rewardTokens.length; ++i) {
        require(i < _rewardTokenAmounts.length, "Index out of bounds");
        if (_rewardTokenAmounts[i] != 0) {
            numRewardTokensToTransfer++;
        }
    }

This modification ensures that the contract checks the lengths of the input arrays before entering the loop, preventing any potential ArrayIndexOutOfBoundsException. It also adds a require statement inside the loop to check that the current index does not exceed the length of _rewardTokenAmounts, providing an additional layer of protection against this specific type of exception.
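An added example, not part of the submission or the stake.link code base: under Solidity 0.8.x (an assumption; the page does not state the compiler version), an out-of-range array index reverts the whole call with Panic(0x32). The hypothetical RewardCounter and MismatchProbe contracts below run the quoted loop on constructed two-token, one-amount input, next to a variant with a single up-front length check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19; // assumption: the page does not state a compiler version

// Hypothetical stand-in for the loop quoted in the submission.
contract RewardCounter {
    error LengthMismatch(uint256 tokens, uint256 amounts);

    // Loop as quoted: no length check before indexing _rewardTokenAmounts.
    function countUnchecked(address[] calldata _rewardTokens, uint256[] calldata _rewardTokenAmounts)
        external pure returns (uint256 n)
    {
        for (uint256 i = 0; i < _rewardTokens.length; ++i) {
            if (_rewardTokenAmounts[i] != 0) n++;
        }
    }

    // One up-front check: reverts with a descriptive error before the loop runs.
    function countChecked(address[] calldata _rewardTokens, uint256[] calldata _rewardTokenAmounts)
        external pure returns (uint256 n)
    {
        if (_rewardTokens.length != _rewardTokenAmounts.length) {
            revert LengthMismatch(_rewardTokens.length, _rewardTokenAmounts.length);
        }
        for (uint256 i = 0; i < _rewardTokens.length; ++i) {
            if (_rewardTokenAmounts[i] != 0) n++;
        }
    }
}

// Calls both variants externally so the revert reason can be observed with try/catch.
contract MismatchProbe {
    RewardCounter public immutable counter = new RewardCounter();

    // Constructed input: two tokens, one amount.
    function probe() external view returns (uint256 uncheckedPanicCode, bool checkedReverted) {
        address[] memory tokens = new address[](2);
        uint256[] memory amounts = new uint256[](1);
        amounts[0] = 1;

        try counter.countUnchecked(tokens, amounts) {
        } catch Panic(uint256 code) {
            uncheckedPanicCode = code; // 0x32: array index out of bounds
        }
        try counter.countChecked(tokens, amounts) {
        } catch {
            checkedReverted = true; // LengthMismatch(2, 1)
        }
    }
}
```

Calling probe() returns (0x32, true): both variants revert on the mismatched input, and the up-front check only changes the revert reason from a generic panic to a descriptive error.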

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
