Submission Details
Severity: medium
Valid

Nested Loop Indexing Error

Summary

The init function in the ReseedField contract increments the outer loop's index (i++) in the header of the inner loop, where the inner loop's own index should be incremented (j++). This error leads to improper array indexing and potential out-of-bounds access issues.

Vulnerability Details

The vulnerability lies in the following snippet of the init function:

    for (uint i; i < accountPlots.length; i++) {
        for (uint j; j < accountPlots[i].plots.length; i++) { // <-- Issue: incorrect index increment `i++` instead of `j++`
            uint256 podIndex = accountPlots[i].plots[j].podIndex;
            uint256 podAmount = accountPlots[i].plots[j].podAmounts;
            // State modification and event emission
        }
    }

Impact

Because of this indexing error, the inner loop never advances j and so does not iterate over accountPlots[i].plots as intended. Instead, the outer index i is incremented again, potentially leading to:

  • Array Bounds Errors: Accessing elements out of the bounds of accountPlots and plots.

  • Data Corruption: Incorrect data assignment or unintended state mutations.

  • Contract Failures: Potential contract halts due to out-of-gas errors or inconsistent state.

Tools Used

Manual Code Review

Recommendations

Correct the inner loop index to j++ to ensure proper iteration over accountPlots[i].plots.

    for (uint j; j < accountPlots[i].plots.length; j++) {
        // Loop body remains the same
    }

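The reported and recommended loop shapes side by side, as an added example that is not part of the submission or the audited contract. The struct layout, the contract and function names, the `^0.8.20` pragma and the sample input are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumed compiler version
// Added example, not the audited contract. Struct layout is assumed from the
// field names in the reported snippet (plots, podIndex, podAmounts).
struct Plot { uint256 podIndex; uint256 podAmounts; }
struct AccountPlots { address account; Plot[] plots; }

contract LoopShapes {
    // Reported loop: the inner header increments i, so j stays 0.
    function buggy(AccountPlots[] calldata a) external pure returns (uint256 pods) {
        for (uint i; i < a.length; i++) {
            // Once i == a.length, reading a[i] here reverts with Panic(0x32).
            for (uint j; j < a[i].plots.length; i++) {
                pods += a[i].plots[j].podAmounts; // stand-in for state writes
            }
        }
    }

    // Recommended loop: the inner header increments j.
    function fixedLoop(AccountPlots[] calldata a) external pure returns (uint256 pods) {
        for (uint i; i < a.length; i++) {
            for (uint j; j < a[i].plots.length; j++) {
                pods += a[i].plots[j].podAmounts;
            }
        }
    }
}

contract LoopShapesCheck {
    LoopShapes private demo = new LoopShapes();
    // Constructed input: two accounts with two plots each.
    function sample() internal pure returns (AccountPlots[] memory a) {
        a = new AccountPlots[](2);
        for (uint i; i < 2; i++) {
            a[i].plots = new Plot[](2);
            a[i].plots[0] = Plot(10 * i, 2 * i + 1);
            a[i].plots[1] = Plot(10 * i + 5, 2 * i + 2);
        }
    }

    // Returns the pods summed by the fixed loop and the panic code raised by the buggy one.
    function check() external view returns (uint256 fixedPods, uint256 panicCode) {
        fixedPods = demo.fixedLoop(sample());
        try demo.buggy(sample()) returns (uint256) {
            revert("buggy loop completed");
        } catch Panic(uint256 code) {
            panicCode = code;
        }
    }
}
```

If an entry in the input has an empty plots array, the buggy inner loop exits there instead of running past the end, so when the last entry is empty the call returns without reverting after visiting only plots[0] of the other entries.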
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Very broken loop in ReseedField::init

Appeal created

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Very broken loop in ReseedField::init
