Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`getAccountsWithActivePositions` doesn't check if `upperBound` is within the size of `accountsIdsWithActivePositions`

Panthers

Relevant Link

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/GlobalConfigurationBranch.sol#L143

Summary

The GlobalConfigurationBranch:getAccountsWithActivePositions function lacks proper validation for the upperBound parameter, potentially leading to out-of-bounds errors. This vulnerability could result in incorrect data retrieval and potential disruption of the system's operations.

Vulnerability Details

The getAccountsWithActivePositions function retrieves a list of accounts with active positions between specified lower and upper bounds. However, it does not validate if the upperBound parameter is within the size of the accountsIdsWithActivePositions set. This can lead to out-of-bounds errors, causing the function to revert or return incorrect data.

See the following code:

function getAccountsWithActivePositions(

uint256 lowerBound,

uint256 upperBound

)

external

view

returns (uint128[] memory accountsIds)

{

GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();

accountsIds = new uint128[](upperBound - lowerBound + 1);

uint256 index = 0;

for (uint256 i = lowerBound; i <= upperBound; i++) {

accountsIds[index] = uint128(globalConfiguration.accountsIdsWithActivePositions.at(i));

index++;

}

Impact

This vulnerability can cause the following issues:

Out-of-Bounds Error: The function may revert, causing disruptions in the system's operations.
Incorrect Data Retrieval: The function may return incorrect data, affecting the accuracy and reliability of the system.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, validate the upperBound parameter to ensure it is within the size of the accountsIdsWithActivePositions set before proceeding with data retrieval.

Updates

Lead Judging Commences

inallhonesty Lead Judge

over 1 year ago

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!