The RewardsInitiator.sol contract lacks proper validation for the strategy index in the performUpkeep function, which could lead to unintended consequences if the index is out of bounds. A malicious actor could exploit this vulnerability to disrupt the intended functionality of the contract.
performUpkeep Function
The performUpkeep function processes a list of strategy indexes without proper validation, allowing the possibility of using invalid indexes that are out of bounds. This could lead to errors and unexpected behavior when updating strategy rewards.
Code Snippet:
If a malicious actor provides an out-of-bounds strategy index in the performUpkeep function, it could result in the contract reverting unexpectedly or processing unintended strategies, leading to potential disruptions in the reward update process.
Manual Code Review
Add proper validation checks to ensure that strategy indexes provided in the performUpkeep function are within the valid range. This will help prevent unintended consequences and ensure the security of the contract.
Mitigation Steps:
By implementing the recommended validation checks, the contract can ensure that only valid strategy indexes are processed during the upkeep, reducing the risk of unintended behavior.
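One way the recommended range check could look, as an added sketch that is not code from RewardsInitiator.sol or from this submission. The IPoolSketch interface, the contract name, the error names and the shape of the upkeep payload (an ABI-encoded uint256[]) are all assumptions made for illustration; the ordering check goes one step beyond the range check the finding asks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Hypothetical stand-in for the pool that owns the strategy list (assumed interface).
interface IPoolSketch {
    function getStrategies() external view returns (address[] memory);
    function updateStrategyRewards(uint256[] memory idxs, bytes memory data) external;
}

// Illustrative contract only; it does not reproduce RewardsInitiator.sol.
contract UpkeepIndexValidationSketch {
    IPoolSketch public immutable pool;

    error NoStrategiesToUpdate();
    error InvalidStrategyIndex(uint256 index, uint256 strategyCount);
    error UnsortedOrDuplicateIndex(uint256 index);

    constructor(address _pool) {
        pool = IPoolSketch(_pool);
    }

    // Assumes the upkeep payload is an ABI-encoded uint256[] of strategy indexes.
    function performUpkeep(bytes calldata _performData) external {
        uint256[] memory idxs = abi.decode(_performData, (uint256[]));
        if (idxs.length == 0) revert NoStrategiesToUpdate();

        uint256 count = pool.getStrategies().length;
        for (uint256 i = 0; i < idxs.length; ++i) {
            // Range check: every index must name an existing strategy.
            if (idxs[i] >= count) revert InvalidStrategyIndex(idxs[i], count);
            // Strictly increasing order means no strategy is processed twice.
            if (i > 0 && idxs[i] <= idxs[i - 1]) revert UnsortedOrDuplicateIndex(idxs[i]);
        }

        // Only validated indexes reach the reward update.
        pool.updateStrategyRewards(idxs, "");
    }
}
```

Validating the whole list before the external call means a bad index fails with a named error that reports the offending value, and no partial update is attempted.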