Summary

The duplicate check misses checking the first element of the array

Vulnerability Details

The bug in the original code is that it fails to detect the first occurrence of a duplicate address in the recipients array.
Here's a simple example to illustrate the bug:

Let's say the recipients array is [A, B, A, C].
The code checks for duplicate addresses using a nested loop:

for (uint256 i = 0; i < recipients.length; i++) { // ... for (uint256 j = i + 1; j < recipients.length; j++) { if (recipients[i] == recipients[j]) { return false; } } }

When i = 0, the inner loop (with j) starts from i + 1, which is 1. So, it compares recipients[0] (which is A) with recipients[1] (which is B), recipients[2] (which is A again), and recipients[3] (which is C).

However, the inner loop does not compare recipients[0] (the first A) with itself. It only compares recipients[0] with the subsequent elements in the array.

So, when it encounters the second occurrence of A at recipients[2], it does not detect it as a duplicate because it has not compared recipients[2] (the second A) with recipients[0] (the first A).

The code can detect duplicates like [A, B, B, C] (because it compares the second B with the first B), but it cannot detect duplicates like [A, B, A, C] (because it does not compare the second A with the first A).

Impact

It's possible for duplicates to exist in the array

Tools Used

Manual review

Recommendations

By starting the inner loop from j = 0, the code can now detect the first occurrence of a duplicate address. This compares each address with all the other addresses in the array, including the ones before and after the current index.