The convert function in the LibConvert library accepts a convertData bytes parameter that determines the type of conversion and the parameters associated with it. It decodes convertData with functions from the LibConvertData library according to the ConvertKind enum. However, there is no explicit validation of the decoded convertData before it is used to call the respective conversion functions in other libraries.
The absence of validation poses a high risk, as malformed or maliciously crafted convertData could lead to unexpected behavior, including but not limited to:
Transfers of incorrect token amounts
Interactions with unintended token addresses
Tool used: Manual Review
Implement thorough validation checks on the convertData within the convert function before proceeding with any conversion logic. This should include, but not be limited to:
Ensuring that token addresses are non-zero and are part of a list of allowed tokens
Checking that amounts are within reasonable bounds and are not zero
Verifying that the data structure of convertData matches the expected format for the given ConvertKind
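As an added illustration that is not the audited project's code, the following hypothetical Solidity sketch places the unchecked pattern the finding describes next to a convert that performs the three recommended checks. ConvertKind, LibConvertData and convert take their names from the finding; the abi-encoded layouts, the allowedToken list, MAX_CONVERT_AMOUNT and the slippage field are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical, simplified model of the convertData flow the finding describes.
// ConvertKind, LibConvertData and convert are the finding's names; the wire
// layouts, the allow-list and the amount bound are assumptions, not audited code.
enum ConvertKind { BEANS_TO_LP, LP_TO_BEANS }
library LibConvertData {
    // Assumed layouts, abi.encode'd with the kind as the first word:
    //   BEANS_TO_LP: (kind, amountIn, minAmountOut, token)                 -> 128 bytes
    //   LP_TO_BEANS: (kind, amountIn, minAmountOut, token, maxSlippageBps) -> 160 bytes
    function kindOf(bytes calldata convertData) internal pure returns (ConvertKind) {
        require(convertData.length >= 32, "convert: missing kind");
        // abi.decode reverts on an enum value outside ConvertKind's range (0.8.x decoder)
        return abi.decode(convertData[:32], (ConvertKind));
    }
    function expectedLength(ConvertKind kind) internal pure returns (uint256) {
        return kind == ConvertKind.BEANS_TO_LP ? 128 : 160;
    }
}
contract ConvertFacet {
    uint256 public constant MAX_CONVERT_AMOUNT = 1e24;     // assumed bound: 1,000,000 tokens at 18 decimals
    mapping(address => bool) public allowedToken;          // assumed allow-list, maintained by governance
    event Converted(ConvertKind kind, address token, uint256 amountIn, uint256 minAmountOut);
    // The shape the finding describes: decode, then act on the fields with no checks.
    // Trailing bytes, a zero token, an unlisted token and a zero amount all get through.
    function convertUnchecked(bytes calldata convertData) external {
        (ConvertKind kind, uint256 amountIn, uint256 minAmountOut, address token) =
            abi.decode(convertData, (ConvertKind, uint256, uint256, address));
        emit Converted(kind, token, amountIn, minAmountOut); // conversion logic would follow
    }
    // Hardened convert: validate the structure and every decoded field before any conversion.
    function convert(bytes calldata convertData) external {
        ConvertKind kind = LibConvertData.kindOf(convertData);
        // 1. structure matches the expected format for this ConvertKind (no missing/extra words)
        require(convertData.length == LibConvertData.expectedLength(kind), "convert: bad data length");
        (, uint256 amountIn, uint256 minAmountOut, address token) =
            abi.decode(convertData[:128], (ConvertKind, uint256, uint256, address));
        // 2. token is non-zero and on the allow-list
        require(token != address(0) && allowedToken[token], "convert: token not allowed");
        // 3. amounts are non-zero and within bounds
        require(amountIn != 0 && minAmountOut != 0, "convert: zero amount");
        require(amountIn <= MAX_CONVERT_AMOUNT, "convert: amount out of bounds");
        if (kind == ConvertKind.LP_TO_BEANS) { // kind-specific tail: slippage in basis points
            require(abi.decode(convertData[128:], (uint256)) <= 10_000, "convert: slippage > 100%");
        }
        emit Converted(kind, token, amountIn, minAmountOut); // conversion logic would follow
    }
}
```

The exact-length check is what makes the third recommendation enforceable: abi.decode alone accepts extra trailing words, so a kind-specific expected length must be asserted explicitly.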