stake.link

stake.link
DeFiHardhatBridge
27,500 USDC
View results
Submission Details
Severity: low
Invalid

Double queuedNewLocks push on initialize function in SDLPoolSecondary

Summary

Double queuedNewLocks push on initialize function in SDLPoolSecondary

Vulnerability Details

As seen below there is a duplicate push op of queuedNewLocks on initialize function, seeing the previous updateBatchIndex and currentMintLockIdByBatch consider only one time insertion, I might assume this is a typo or overlooked code.

File: SDLPoolSecondary.sol
66: function initialize(
67: string memory _name,
68: string memory _symbol,
69: address _sdlToken,
70: address _boostController,
71: uint256 _queuedNewLockLimit
72: ) public initializer {
73: __SDLPoolBase_init(_name, _symbol, _sdlToken, _boostController);
74: updateBatchIndex = 1;
75: currentMintLockIdByBatch.push(0);
76: queuedNewLocks.push();
77: queuedNewLocks.push();
78: queuedNewLockLimit = _queuedNewLockLimit;
79: }

Impact

initially the queuedNewLocks contains two empty queue instead of one

Tools Used

Manual analysis

Recommendations

remove one queuedNewLocks.push();

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.