First Flight #16: Mafia Takedown
First Flight #16
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Wrong Array Assignment in `Laundrette::configureDependencies`

0xlookman

Summary

The Laundrette::configureDependencies function returns an array which is invalid with an empty value.

Vulnerability Details

The Laundrette::configureDependencies function does has a memory dependencies array variable with two elements which is returned.

The 'weapn' and 'money' keycodes are to be stored in this function but both keycodes are stored at the 0th index of the array.

The 'money' keycode is not stored and the 1st index is empty.

function configureDependencies() external override onlyKernel returns (Keycode[] memory dependencies) {
dependencies = new Keycode[](2);
dependencies[0] = toKeycode("MONEY");
moneyShelf = MoneyShelf(getModuleAddress(toKeycode("MONEY")));
dependencies[0] = toKeycode("WEAPN");
weaponShelf = WeaponShelf(getModuleAddress(toKeycode("WEAPN")));
}

Impact

The Laundrette policy dependencies are not properly configured in Kernel.sol. This is not how the protocol is intended to function.

Tools Used

Manual review

Recommendations

Store the WEAPN keycode the the 1st index of the dependencies array instead of the 0th index.

function configureDependencies() external override onlyKernel returns (Keycode[] memory dependencies) {
dependencies = new Keycode[](2);
dependencies[0] = toKeycode("MONEY");
moneyShelf = MoneyShelf(getModuleAddress(toKeycode("MONEY")));
- dependencies[0] = toKeycode("WEAPN");
+ dependencies[1] = toKeycode("WEAPN");
weaponShelf = WeaponShelf(getModuleAddress(toKeycode("WEAPN")));
}
Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Laundrette incorrect dependencies

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.