Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Potential for Inefficient Error Handling in `WithdrawalPool.getWithdrawals`

8olidity

Summary

Potential for Inefficient Error Handling in WithdrawalPool.getWithdrawals

Vulnerability Details

The getWithdrawals function in the WithdrawalPool contract does not handle invalid withdrawal IDs gracefully. While Solidity 0.8.15 provides automatic bounds checking for array access, preventing out-of-bounds reads, the current implementation will cause the entire transaction to revert if any single withdrawal ID is invalid.

function getWithdrawals(
uint256[] calldata _withdrawalIds
) external view returns (Withdrawal[] memory) {
Withdrawal[] memory withdrawals = new Withdrawal[]();
for (uint256 i = 0; i < _withdrawalIds.length; ++i) {
withdrawals[i] = queuedWithdrawals[_withdrawalIds[i]];
}
return withdrawals;
}

Impact

Low. This issue does not pose a direct security risk but may lead to a suboptimal user experience and increased gas costs for users when querying withdrawal information.

Tools Used

vscode

Recommendations

Consider implementing a more robust error handling mechanism that can process valid withdrawal IDs even when some IDs in the input array are invalid. This can be achieved by checking if each ID is within the valid range and returning a default or null value for invalid IDs.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.