DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

A lack of parameter checks could lead to a system malfunction.

Summary

The absence of a parameter check could cause a system malfunction.

Vulnerability Details

The `getAccountsWithActivePositions` function takes `lowerBound` and `upperBound` parameters
that give the system a range of account IDs to retrieve, as seen below:
```solidity
/// @param lowerBound The lower bound of the accounts to retrieve.
/// @param upperBound The upper bound of the accounts to retrieve.
function getAccountsWithActivePositions(
    uint256 lowerBound,
    uint256 upperBound
)
    external
    view
    returns (uint128[] memory accountsIds)
{
    GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
    accountsIds = new uint128[](upperBound - lowerBound + 1);
    uint256 index = 0;
    for (uint256 i = lowerBound; i <= upperBound; i++) {
        accountsIds[index] = uint128(globalConfiguration.accountsIdsWithActivePositions.at(i));
        index++;
    }
}
```
As seen above, `upperBound` and `lowerBound` are intended to be used differently in the function's logic
to give the system a range of account IDs to retrieve and work with, but they could easily be interchanged by mistake,
which will make the function call fail.

Impact

The upper bound and lower bound are meant to be used differently in the function's logic to define a range of
account IDs to retrieve and process. However, if they are mistakenly swapped, it will cause the function call
to fail.

Tools Used

Manual Analysis

Implement a check to ensure that `upperBound` is always greater than `lowerBound`.
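One way to implement this check, as an added example that is not the project's code: the contract name, the `InvalidBounds` error and the plain array standing in for `accountsIdsWithActivePositions` are assumptions made so the snippet compiles on its own. It goes slightly beyond the recommendation by also rejecting an upper bound past the last stored index, and it accepts equal bounds because the inclusive loop then returns a single account.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; a stand-alone stand-in for the project's storage layout.
contract ActiveAccountsView {
    /// Hypothetical custom error reporting the rejected window and the set size.
    error InvalidBounds(uint256 lowerBound, uint256 upperBound, uint256 length);

    // Assumption: a plain array replaces
    // globalConfiguration.accountsIdsWithActivePositions so no imports are needed.
    uint128[] private accountsIdsWithActivePositions;

    constructor(uint128[] memory seed) {
        accountsIdsWithActivePositions = seed;
    }

    /// @param lowerBound The lower bound (inclusive index) of the accounts to retrieve.
    /// @param upperBound The upper bound (inclusive index) of the accounts to retrieve.
    function getAccountsWithActivePositions(
        uint256 lowerBound,
        uint256 upperBound
    )
        external
        view
        returns (uint128[] memory accountsIds)
    {
        uint256 length = accountsIdsWithActivePositions.length;

        // Reject swapped bounds before `upperBound - lowerBound` is evaluated,
        // and reject a window that reaches past the last stored index, so the
        // caller gets a descriptive error instead of an opaque failure.
        if (lowerBound > upperBound || upperBound >= length) {
            revert InvalidBounds(lowerBound, upperBound, length);
        }

        accountsIds = new uint128[](upperBound - lowerBound + 1);
        for (uint256 i = lowerBound; i <= upperBound; i++) {
            // Index relative to the start of the requested window.
            accountsIds[i - lowerBound] = accountsIdsWithActivePositions[i];
        }
    }
}
```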

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
