Mystery Box
First Flight #25
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Array Anomaly: Inefficient Reward Deletion in MysteryBox Contract

juggernaut63

Summary

The claimSingleReward function in the MysteryBox contract deletes a reward from an array without reordering or compacting the array. This results in gaps within the array, leading to potential inefficiencies and complications in data management.

Vulnerability Details

https://github.com/Cyfrin/2024-09-mystery-box/blob/281a3e35761a171ba134e574473565a1afb56b68/src/MysteryBox.sol#L92-L101

The function uses the delete keyword to remove an element from the rewardsOwned array, which sets the element to its default value but does not reduce the array's length or reorder the remaining elements.

function claimSingleReward(uint256 _index) public {
require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
(bool success,) = payable(msg.sender).call{value: value}("");
require(success, "Transfer failed");
@=> delete rewardsOwned[msg.sender][_index];
}

The line delete rewardsOwned[msg.sender][_index]; is where the element is set to its default value, creating a gap in the array.

Impact

Gaps in the array can lead to incorrect assumptions about the data structure, potentially causing errors in logic that processes the array.

Tools Used

Manual review

Recommendations

Instead of using delete, replace the element to be removed with the last element in the array and then reduce the array's length. This approach maintains a contiguous array without gaps.

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!