Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Input Validation in checkLiquidatableAccounts Function

kevinkkien

Summary

The checkLiquidatableAccounts function in the LiquidationBranch contract does not validate the relationship between the lowerBound and upperBound parameters. If lowerBound is greater than upperBound, the function will attempt to create an array with a negative size, leading to an error and potential denial of service.

Vulnerability Details

The function initializes an array liquidatableAccountsIds with a size calculated as upperBound - lowerBound:

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/LiquidationBranch.sol#L51

liquidatableAccountsIds = new uint128[](upperBound - lowerBound);

However, there is no check to ensure that lowerBound is less than or equal to upperBound. If lowerBound is greater, the calculation will result in a negative value, which is not a valid array size. This will cause the contract execution to revert with an error.

Impact

If an attacker intentionally provides invalid input where lowerBound is greater than upperBound, it will trigger a revert, preventing the function from executing and potentially disrupting the liquidation process.

Tools Used

Manual review

Recommendations

Include a require statement at the beginning of the checkLiquidatableAccounts function to enforce the condition lowerBound <= upperBound:

require(lowerBound <= upperBound, "Invalid bounds: lowerBound must be less than or equal to upperBound");
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.