Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Consistency Check Between numVaultGroups and vaults Length

8olidity

Summary

Lack of Consistency Check Between numVaultGroups and vaults Length

Vulnerability Details

The FundFlowController contract does not perform any checks to ensure that the numVaultGroups variable is consistent with the length of the vaults array obtained from the IVaultControllerStrategy contract. This inconsistency can lead to various operational issues and vulnerabilities.

function _getVaultDepositOrder(
IVaultControllerStrategy _vcs,
uint256 _toDeposit
) internal view returns (uint64[] memory, uint256) {
address[] memory vaults = _vcs.getVaults();
if (vaults.length == 0) return (new uint64[](0), 0);
uint256[] memory depositRoom = new uint256[]();
for (uint256 i = 0; i < numVaultGroups; ++i) {
(, uint256 totalDepositRoom) = _vcs.vaultGroups(i);
depositRoom[i] = totalDepositRoom;
}

Impact

Functions like _getVaultDepositOrder and _getVaultWithdrawalOrder may encounter out-of-bounds errors if numVaultGroups and vaults lengths are inconsistent.

Tools Used

vscode

Recommendations

Implement a check during the initialization of the FundFlowController contract to ensure that the length of the vaults array is a multiple of numVaultGroups. This will help maintain consistency and prevent operational errors.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.