Missing Input Validation in checkLiquidatableAccounts Function
Summary
The checkLiquidatableAccounts function in the LiquidationBranch contract does not validate the relationship between the lowerBound and upperBound parameters. If lowerBound is greater than upperBound, the function will attempt to create an array with a negative size, leading to an error and potential denial of service.
Vulnerability Details
The function initializes an array liquidatableAccountsIds with a size calculated as upperBound - lowerBound:
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/LiquidationBranch.sol#L51
However, there is no check to ensure that lowerBound is less than or equal to upperBound. If lowerBound is greater, the calculation will result in a negative value, which is not a valid array size. This will cause the contract execution to revert with an error.
Impact
If an attacker intentionally provides invalid input where lowerBound is greater than upperBound, it will trigger a revert, preventing the function from executing and potentially disrupting the liquidation process.
Tools Used
Manual review
Recommendations
Include a require statement at the beginning of the checkLiquidatableAccounts function to enforce the condition lowerBound <= upperBound:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.