MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Risk of Inconsistent State Due to Lack of Empty Array Validation

brene

Summary

The Pot contract constructor accepts arrays of players and rewards to initialize the contract. However, there is no validation to ensure that these arrays are non-empty. This lack of validation can lead to the creation of a contract with an inconsistent state, where no players or rewards exist, potentially causing failures in subsequent operations.

Vulnerability Details

The constructor accepts two arrays, players and rewards, but does not verify whether these arrays are empty.

constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {
i_players = players;
i_rewards = rewards;
i_token = token;
i_totalRewards = totalRewards;
remainingRewards = totalRewards;
i_deployedAt = block.timestamp;
// i_token.transfer(address(this), i_totalRewards);
for (uint256 i = 0; i < i_players.length; i++) {
playersToRewards[i_players[i]] = i_rewards[i];
}
}

Impact

Functions that rely on the existence of players or rewards, such as reward claims or distribution, will fail or produce incorrect results if the arrays are empty.

Tools Used

Manual Review

Recommendation

Add checks in the constructor to ensure that both the players and rewards arrays are non-empty.

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.