Missing validation for `reserves` array in `update()` results in underflow
Summary
The update() function is intended to update the Pump's reserves and perform calculations based on the provided reserves array. The issue arises when update() is called with an empty reserves array.
Vulnerability Details
If update() is called with an empty array for reserves, the following line will attempt to calculate the number of slots based on the length of this array:
The function _getSlotsOffset() calculates the storage slots needed based on the number of reserves. It assumes that numberOfReserves is at least 1:
If numberOfReserves is 0 (because the reserves array is empty), (numberOfReserves - 1) will underflow, as it tries to subtract 1 from 0 in an unsigned integer context.
Impact
Since Solidity v0.8.x and above automatically revert on underflow, this would cause the entire transaction to revert.
Tools Used
Manual Review
Recommendations
To mitigate the underflow issue in the update() function when called with an empty reserves array, you can add a validation check at the beginning of the function to ensure that the reserves array is not empty.
Lead Judging Commences
Informational/Invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.