The PodTransfer.sol contract in the Beanstalk project has a potential vulnerability in the removePlot function. This function does not check if the index of the plot is within the valid range of the plotIndexes array, leading to the risk of accessing an element outside the array (index out-of-bounds) and causing errors in the contract.
The removePlot function in PodTransfer.sol contains the following code:
This code removes a plot at index index from the plots array and calls the removePlotIndexFromAccount function to remove this index from the plotIndexes array. However, there is no check to ensure that index is within the valid range of the plotIndexes array. If index is greater than or equal to the length of the array, accessing plotIndexes[index] will cause an "index out-of-bounds" error.
If the error occurs during the execution of a transaction, the entire transaction will be reverted (undone), wasting gas fees for the user.
Manual
Add a check to ensure that index is within the valid range of the plotIndexes array before accessing it.
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity