Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Valid

Incorrect encoding and decoding lead to errors

Summary

Incorrect encoding and decoding lead to errors.

Vulnerability Details

    function checkUpkeep(bytes calldata) external view returns (bool, bytes memory) {
        // One flag per account, in the same order as `accounts`
        bool[] memory splittersToCall = new bool[](accounts.length);
        bool overallUpkeepNeeded;

        for (uint256 i = 0; i < splittersToCall.length; ++i) {
            (bool upkeepNeeded, ) = splitters[accounts[i]].checkUpkeep("");
            splittersToCall[i] = upkeepNeeded;
            if (upkeepNeeded) overallUpkeepNeeded = true;
        }

        // performData handed to performUpkeep: the ABI-encoded bool[]
        return (overallUpkeepNeeded, abi.encode(splittersToCall));
    }

    function performUpkeep(bytes calldata _performData) external {
        // Decode the flags produced by checkUpkeep
        bool[] memory splittersToCall = abi.decode(_performData, (bool[]));
        bool splitterCalled;

        for (uint256 i = 0; i < splittersToCall.length; ++i) {
            if (splittersToCall[i] == true) {
                splitters[accounts[i]].performUpkeep("");
                splitterCalled = true;
            }
        }

        // Reject perform data that selects no splitter
        if (splitterCalled == false) {
            revert InvalidPerformData();
        }
    }

Check the encoding in `checkUpkeep` and the decoding in `performUpkeep`. The decoding will revert, so splitting new rewards between receivers will not happen because of the decoding error.

Impact

`performUpkeep` will not decode `splittersToCall`, so the call will revert.

Tools Used

Manual Review

Recommendations

Correct the decoding to match the encoding.
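
One way to check the `checkUpkeep` to `performUpkeep` hand-off off-chain, as an added example that is not part of the submission or the Stakelink code base: a small Python model of the `bool[]` layout written by `abi.encode` and a strict decoder for it. It assumes `accounts` is an array, that the inner splitter calls succeed, and that malformed words cause a revert; the function names are hypothetical and the inputs are constructed.

```python
WORD = 32  # ABI word size in bytes


def encode_bool_array(flags):
    """Layout of abi.encode(bool[]): offset word, length word, one word per flag."""
    words = [WORD, len(flags)] + [int(bool(f)) for f in flags]
    return b"".join(w.to_bytes(WORD, "big") for w in words)


def decode_bool_array(data):
    """Strict model of abi.decode(data, (bool[])); ValueError stands in for a revert."""
    def word(pos):
        if pos + WORD > len(data):
            raise ValueError("read past end of data")
        return int.from_bytes(data[pos:pos + WORD], "big")

    start = word(0) + WORD           # elements begin after the length word
    length = word(start - WORD)      # length word sits at the head offset
    if start + length * WORD > len(data):
        raise ValueError("read past end of data")
    flags = []
    for i in range(length):
        value = word(start + i * WORD)
        if value > 1:                # a bool word must be exactly 0 or 1
            raise ValueError("invalid bool encoding")
        flags.append(value == 1)
    return flags


def perform_upkeep_outcome(perform_data, n_accounts):
    """Follow performUpkeep's branches for the given perform data (model only)."""
    try:
        flags = decode_bool_array(perform_data)
    except ValueError as exc:
        return f"revert: {exc}"
    called = False
    for i, flag in enumerate(flags):
        if flag:
            if i >= n_accounts:      # accounts[i] is out of range (array assumed)
                return "revert: accounts index out of bounds"
            called = True
    return "ok" if called else "revert: InvalidPerformData"


if __name__ == "__main__":
    sample = encode_bool_array([False, True, False])  # constructed perform data
    print(len(sample), decode_bool_array(sample), perform_upkeep_outcome(sample, 3))
```
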

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags: Chainlink Automation integration bad
