stake.link

stake.link
DeFiHardhatBridge
27,500 USDC
View results
Submission Details
Severity: low
Invalid

Lack of Validation for Strategy Index in `performUpkeep` Function

Summary

The RewardsInitiator.sol contract lacks proper validation for the strategy index in the performUpkeep function, which could lead to unintended consequences if the index is out of bounds. A malicious actor could exploit this vulnerability to disrupt the intended functionality of the contract.

Vulnerability Details

Lack of Validation for Strategy Index in performUpkeep Function

The performUpkeep function processes a list of strategy indexes without proper validation, allowing the possibility of using invalid indexes that are out of bounds. This could lead to errors and unexpected behavior when updating strategy rewards.

Code Snippet:

// In RewardsInitiator.sol
function performUpkeep(bytes calldata _performData) external {
address[] memory strategies = stakingPool.getStrategies();
uint256[] memory strategiesToUpdate = abi.decode(_performData, (uint256[]));
if (strategiesToUpdate.length == 0) revert NoStrategiesToUpdate();
for (uint256 i = 0; i < strategiesToUpdate.length; ++i) {
if (strategiesToUpdate[i] >= strategies.length) revert InvalidStrategyIndex();
if (IStrategy(strategies[strategiesToUpdate[i]]).getDepositChange() >= 0) revert PositiveDepositChange();
}
stakingPool.updateStrategyRewards(strategiesToUpdate, "");
}

Impact

If a malicious actor provides an out-of-bounds strategy index in the performUpkeep function, it could result in the contract reverting unexpectedly or processing unintended strategies, leading to potential disruptions in the reward update process.

Tools Used

Manual Code Review

Recommendations

Add proper validation checks to ensure that strategy indexes provided in the performUpkeep function are within the valid range. This will help prevent unintended consequences and ensure the security of the contract.

Mitigation Steps:

// Validation Check in performUpkeep
function performUpkeep(bytes calldata _performData) external {
address[] memory strategies = stakingPool.getStrategies();
uint256[] memory strategiesToUpdate = abi.decode(_performData, (uint256[]));
if (strategiesToUpdate.length == 0) revert NoStrategiesToUpdate();
for (uint256 i = 0; i < strategiesToUpdate.length; ++i) {
if (strategiesToUpdate[i] >= strategies.length) revert InvalidStrategyIndex();
if (IStrategy(strategies[strategiesToUpdate[i]]).getDepositChange() >= 0) revert PositiveDepositChange();
}
stakingPool.updateStrategyRewards(strategiesToUpdate, "");
}

Implementing the recommended validation checks, the contract can ensure that only valid strategy indexes are processed during the upkeep, reducing the risk of unintended behavior.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.