Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

implementation and documentation does not match for checkLiquidatableAccounts

0xleadwizard

Description

From the comments it is assumed that the range to check is lowerBound to upperBound inclusive of both upper and lower bound but, upperBound is not checked in implementation.

/// @param lowerBound The lower bound of the accounts to check
/// @param upperBound The upper bound of the accounts to check
function checkLiquidatableAccounts(
uint256 lowerBound,
uint256 upperBound
)
external
view
returns (uint128[] memory liquidatableAccountsIds)
{

The loop is running **NOT **including a check for upperBound

// iterate over active accounts within given bounds
for (uint256 i = lowerBound; i < upperBound; i++) {

Recommendation

liquidatableAccountsIds = new uint128[](upperBound - lowerBound); ❌
liquidatableAccountsIds = new uint128[](upperBound - lowerBound + 1); ✅
for (uint256 i = lowerBound; i < upperBound; i++) ❌
for (uint256 i = lowerBound; i <= upperBound; i++) ✅

Impact

From the documentation, the assumption is that the function is going to be used to check the range from lowerBound to upperBound and then from upperBound+1 to nextUpperBound

The impact in this case is if there exists an account that is liquidatable but comes exactly at upperBound it might not be checked and remain there creating bad debt on the system.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xleadwizard Submitter
12 months ago
inallhonesty Lead Judge
12 months ago
0xleadwizard Submitter
12 months ago
inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.