Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Array Boundary Check Vulnerability in updateFee Function

8olidity

Summary

Array Boundary Check Vulnerability in updateFee Function

Vulnerability Details

In the updateFee function, there is a lack of array boundary check after deleting the last fee item. This may lead to out-of-bounds array access in subsequent operations.

When feeBasisPoints is 0, the function deletes the fee item at the specified index. However, after the deletion, the function does not re-verify if _index is still within the array bounds. This could result in accessing non-existent array elements after the array length has been reduced.

  • May cause unexpected array access or function reversion.

  • Could lead to inconsistent contract state in some cases.

  • Might be exploited by malicious users to disrupt normal contract operations.

function updateFee(
uint256 _index,
address _receiver,
uint256 _feeBasisPoints
) external onlyOwner {
_updateStrategyRewards();
if (_feeBasisPoints == 0) {
fees[_index] = fees[fees.length - 1];
fees.pop();
} else {
fees[_index].receiver = _receiver;
fees[_index].basisPoints = _feeBasisPoints;
}
if (_totalFeesBasisPoints() > 3000) revert FeesTooLarge();
}

Tools Used

vscode

Recommendations

Add an additional check after updating or deleting fee items to ensure the index is still within valid range.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.