DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Valid

checkLiquidatableAccounts won't work for lowerBound greater than 0

Summary

This function works only for the first batch of accounts (lowerBound = 0); any call with a non-zero lowerBound can revert with an out-of-bounds array access.

Vulnerability Details

The output array is sized from the parameters (upperBound - lowerBound), but the loop index runs from lowerBound to upperBound and is used directly as the index into that array. When lowerBound is greater than 0, the write index can be equal to or larger than the array length, so the function tries to write beyond the array's bounds.

liquidatableAccountsIds = new uint128[](upperBound - lowerBound); // length is the batch size, not upperBound
...
for (uint256 i = lowerBound; i < upperBound; i++) { // i starts at lowerBound, not 0
...
liquidatableAccountsIds[i] = tradingAccountId; // out of bounds once i >= upperBound - lowerBound

For the following parameters the function would fail:

lowerBound = 20

upperBound = 30

because the array has length 10 (30 - 20) while the loop writes at positions 20 through 29. In Solidity 0.8 an out-of-bounds array write reverts with Panic(0x32), so the call fails as soon as the first liquidatable account in that range is found.

Impact

The administrator (or liquidation keeper) can retrieve only the first batch of accounts for liquidation. Accounts in every later batch are never returned by this function, so the paginated liquidation flow cannot reach them.

Tools Used

Manual Review

Recommendations

The loop should start at 0 and stop at the length of the output array (upperBound - lowerBound), while the index used to read the trading account (tradingAccountIndex) should be lowerBound + i.
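The following contract is an added illustration written for this report, not the project's own code. It reproduces the buggy indexing alongside the corrected loop from the recommendation. The accounts array, the `underwater` mapping and the `isLiquidatable` helper are hypothetical stand-ins for the real account-health check; the explicit bounds checks in the fixed version are an added caveat, not something the original snippet shows.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the audited project's code). Reproduces the
/// out-of-bounds write and shows the corrected pagination loop.
contract LiquidatableAccountsExample {
    uint128[] internal activeAccountIds;          // constructed sample data
    mapping(uint128 => bool) internal underwater; // hypothetical stand-in for account health

    constructor() {
        // 40 accounts with ids 1..40; every third account is flagged liquidatable
        for (uint128 id = 1; id <= 40; id++) {
            activeAccountIds.push(id);
            if (id % 3 == 0) underwater[id] = true;
        }
    }

    /// Hypothetical stand-in for the real liquidatability check.
    function isLiquidatable(uint128 tradingAccountId) internal view returns (bool) {
        return underwater[tradingAccountId];
    }

    /// Buggy pattern: the output array has (upperBound - lowerBound) slots,
    /// but the loop writes at the absolute index i. For lowerBound > 0 the
    /// first liquidatable account at i >= upperBound - lowerBound triggers
    /// Panic(0x32) (array out-of-bounds) and the whole call reverts.
    function checkLiquidatableAccountsBuggy(uint256 lowerBound, uint256 upperBound)
        external
        view
        returns (uint128[] memory liquidatableAccountsIds)
    {
        liquidatableAccountsIds = new uint128[](upperBound - lowerBound);
        for (uint256 i = lowerBound; i < upperBound; i++) {
            uint128 tradingAccountId = activeAccountIds[i];
            if (!isLiquidatable(tradingAccountId)) continue;
            liquidatableAccountsIds[i] = tradingAccountId; // i may exceed the array length
        }
    }

    /// Fixed pattern: iterate over the output array's own index range and
    /// derive the account index as lowerBound + i. The two require checks are
    /// added hardening so malformed bounds fail with a clear reason instead
    /// of an arithmetic underflow or an out-of-range read.
    function checkLiquidatableAccountsFixed(uint256 lowerBound, uint256 upperBound)
        external
        view
        returns (uint128[] memory liquidatableAccountsIds)
    {
        require(lowerBound <= upperBound, "lowerBound > upperBound");
        require(upperBound <= activeAccountIds.length, "upperBound out of range");

        uint256 batchSize = upperBound - lowerBound;
        liquidatableAccountsIds = new uint128[](batchSize);
        for (uint256 i = 0; i < batchSize; i++) {
            uint256 tradingAccountIndex = lowerBound + i;
            uint128 tradingAccountId = activeAccountIds[tradingAccountIndex];
            if (!isLiquidatable(tradingAccountId)) continue;
            liquidatableAccountsIds[i] = tradingAccountId; // i is always < batchSize
        }
    }
}
```

With this sample data, `checkLiquidatableAccountsBuggy(20, 30)` reads `activeAccountIds[20]` (id 21, which is liquidatable) and immediately writes to index 20 of a 10-element array, so it reverts with Panic(0x32); `checkLiquidatableAccountsBuggy(0, 10)` succeeds, which is why the bug is only visible past the first batch. `checkLiquidatableAccountsFixed(20, 30)` returns a 10-element array with ids 21, 24, 27 and 30 at slots 0, 3, 6 and 9 and zero elsewhere, matching the sparse-output behaviour the original loop appears to have (an assumption, since the elided lines are not on the page).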

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`LiquidationBranch::checkLiquidatableAccounts()` executes `for` loop where `liquidatableAccountsIds[i] = tradingAccountId;` gives out of bounds if `lowerBound != 0`
