No checks on req.ids.len() and req.uris.len().
The issue arises from the way the function handles token IDs and their corresponding URIs (Uniform Resource Identifiers). The function loops through req.ids to process each token, and inside this loop there is a condition that checks whether URIs were provided.
Nothing checks that req.uris.len() equals req.ids.len() before the loop. If req.uris.len() is less than req.ids.len(), then once i becomes equal to or greater than req.uris.len() the code accesses req.uris[i], an index that does not exist; in Rust this is an out-of-bounds index, which panics and aborts the call. If req.uris.len() is greater than req.ids.len(), the loop never reaches the trailing URIs, so they are silently left unprocessed. Either way the caller gets a runtime error or behaviour they did not ask for, and the mismatch is never reported.
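The following is an added example, not code from the audited project, that shows the vulnerable shape described above next to a hardened version. BatchReq, process_batch_unchecked, process_batch_checked and ContractError are hypothetical names standing in for the audited function and its types; only the req.ids / req.uris fields come from the finding.

```rust
// Added example, not the audited project's code. `BatchReq`, `process_batch_unchecked`,
// `process_batch_checked` and `ContractError` are hypothetical names; only the
// `req.ids` / `req.uris` fields come from the finding.

#[derive(Debug, PartialEq)]
pub enum ContractError {
    /// ids and uris were both provided but their lengths differ.
    LengthMismatch { ids: usize, uris: usize },
}

/// Hypothetical request shape: a batch of token ids with optional per-token URIs.
pub struct BatchReq {
    pub ids: Vec<u64>,
    pub uris: Option<Vec<String>>,
}

/// Vulnerable shape as described in the finding: loops over req.ids and, when URIs are
/// present, indexes req.uris[i] without checking that the lengths match.
/// - uris shorter than ids -> index out of bounds panic (the whole call aborts)
/// - uris longer than ids  -> trailing URIs are silently ignored
pub fn process_batch_unchecked(req: &BatchReq) -> Vec<(u64, Option<String>)> {
    let mut out = Vec::with_capacity(req.ids.len());
    for (i, id) in req.ids.iter().enumerate() {
        let uri = match &req.uris {
            Some(uris) => Some(uris[i].clone()), // panics when i >= uris.len()
            None => None,
        };
        out.push((*id, uri));
    }
    out
}

/// Hardened version: reject the request up front when URIs are provided and their count
/// does not equal the id count, so every id has exactly one URI and no URI is dropped.
pub fn process_batch_checked(
    req: &BatchReq,
) -> Result<Vec<(u64, Option<String>)>, ContractError> {
    if let Some(uris) = &req.uris {
        if uris.len() != req.ids.len() {
            return Err(ContractError::LengthMismatch {
                ids: req.ids.len(),
                uris: uris.len(),
            });
        }
    }
    // Lengths are now known to match (or uris is absent). zip makes the pairing explicit
    // and cannot index out of bounds.
    let out: Vec<(u64, Option<String>)> = match &req.uris {
        Some(uris) => req
            .ids
            .iter()
            .zip(uris)
            .map(|(id, u)| (*id, Some(u.clone())))
            .collect(),
        None => req.ids.iter().map(|id| (*id, None)).collect(),
    };
    Ok(out)
}

fn main() {
    // Constructed input: three ids but only two uris.
    let short = BatchReq {
        ids: vec![1, 2, 3],
        uris: Some(vec!["a".into(), "b".into()]),
    };
    // The checked version returns a clean error instead of panicking.
    println!("{:?}", process_batch_checked(&short));
    // The unchecked version panics on the third iteration; uncomment to observe:
    // let _ = process_batch_unchecked(&short);
}
```

The check belongs before any state is touched, so a malformed batch is rejected as a whole rather than partially applied and then aborted by the panic.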
Manual review
Add a check that req.uris.len() equals req.ids.len() whenever URIs are provided, and reject the request with an explicit error otherwise, before any token is processed.
Please do not assume impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real possible impact.