Insecure Array Initialization Size in LiquidationBranch::checkLiquidatableAccounts Function
Summary
The checkLiquidatableAccounts function initializes the liquidatableAccountsIds array without validating that upperBound is greater than lowerBound. This oversight can lead to logical errors and runtime exceptions due to incorrect array sizes.
Vulnerability Details
The function assigns the array size based on the difference between upperBound and lowerBound without ensuring upperBound is greater than lowerBound. This can result in zero or negative sizes, causing incorrect behavior during array operations.
Proof of Concept
In the current implementation, the array initialization is:
If upperBound is less than or equal to lowerBound, the resulting size may be zero or negative, leading to:
Empty or erroneously sized arrays, causing disruptions during subsequent operations.
Possible runtime issues or logical errors that could halt the function or lead to unexpected results.
Consider a potential scenario:
This scenario can cause the function to fail at runtime, preventing further processing and causing contract malfunction.
Impact
Medium severity. Potential consequences include:
Logical errors that can prevent the function from operating correctly.
Denial of Service (DoS) if array operations fail due to incorrect sizes.
Tools Used
Manual code review.
Recommendations
Add validation checks to ensure upperBound is greater than lowerBound before initializing the array.
Example solution:
This validation ensures the array is correctly sized, preventing logical errors and runtime exceptions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.