Ensure that the position exists before attempting to delete it
Summary
Vulnerability Details
In the deletePosition function, the contract attempts to delete a position specified by the provided _position argument without confirming whether that position actually exists in the positions mapping. The function includes two operations: deleteHolder(_position.holder) and delete positions[_position.holder]. If the specified _position.holder does not exist in the positions mapping, the delete operation on positions[_position.holder] will set the corresponding mapping entry to its default value (address(0)).
Impact
If the deletePosition function is called with a non-existing position, the delete keyword will set the corresponding mapping entry to its default value (address(0) in the case of an address). The deleteHolder function will still be called, removing the address from the holders array. However, the caller might not be aware that the position did not exist, leading to potential confusion or unintended consequences.
Tools Used
Manual
Recommendations
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.