Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

No check in the length of arrays in initializables and initializePayloads

kwakudr

Summary

No check in the length of arrays in initializables and initializePayloads could lead to errors if there is a mismatch

Vulnerability Details

function initializeRootUpgrade(
RootProxy.BranchUpgrade[] memory,
address[] memory initializables,
bytes[] memory initializePayloads
)
internal
{
for (uint256 i; i < initializables.length; i++) {
address initializable = initializables[i];
bytes memory data = initializePayloads[i];
if (initializable.code.length == 0) {
revert Errors.InitializableIsNotContract(initializable);
}
Address.functionDelegateCall(initializable, data);
}
}

The initializeRootUpgrade function does not check if the lengths of initializables and initializePayloads arrays match. This can lead to potential out-of-bounds access or skipped initializations.

If initializePayloads is shorter than initializables, the function will attempt to access non-existent elements of initializePayloads, potentially causing a runtime error.

If initializePayloads is longer than initializables, some payloads will be ignored, which might not be the intended behavior.

Impact

If initializePayloads is shorter than initializables, the function will attempt to access non-existent elements of initializePayloads, potentially causing a runtime error.

If initializePayloads is longer than initializables, some payloads will be ignored, which might not be the intended behavior.

Tools Used

Manual Review

Recommendations

Add checks to ensure length of arrays match

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.