Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Duplicate Check in `setMarketParameters` Function Allows Redundant Market Parameter Entries

Summary

The setMarketParameters function in the contract lacks a duplicate check, allowing identical market parameter entries to be added multiple times to the marketParameters array. This can lead to inefficiencies, increased gas costs, and potential errors if the contract relies on unique entries. Implementing a duplicate check within the function would prevent redundant entries, enhancing contract reliability and data integrity.

Vulnerability Details

Here is a reference to the code:

    function setMarketParameters(SwanMarketParameters memory _marketParameters) external onlyOwner {
        require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%");
        _marketParameters.timestamp = block.timestamp;
        marketParameters.push(_marketParameters);
    }

  1. Issue in Code: The function currently appends each set of parameters to marketParameters without checking for existing duplicates.

  2. Cause: The absence of a check that verifies if a similar set of parameters has already been added to marketParameters.

  3. How the Vulnerability Manifests: Repeated calls to setMarketParameters with the same parameters will insert identical entries into marketParameters. This could occur if an external script or contract unintentionally calls this function multiple times with the same parameters.

Impact

The setMarketParameters function currently lacks a check to prevent duplicate entries in the marketParameters array. As a result, identical sets of market parameters can be added multiple times. This redundancy can lead to inefficiencies, increased gas costs, and potential confusion in the contract's logic where unique entries are assumed. If other parts of the contract depend on each entry in marketParameters being distinct, duplicates could cause unintended behavior or complicate data processing.

Tools Used

  • Manual code review

Recommended Mitigation Steps

Implement a duplicate check in the setMarketParameters function. Here is an example modification:

    function setMarketParameters(SwanMarketParameters memory _marketParameters) external onlyOwner {
        require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%");
        // Check for duplicate entries
        for (uint256 i = 0; i < marketParameters.length; i++) {
            if (
                // parameter1 and parameter2 are placeholders:
                // add checks for all relevant fields in _marketParameters
                marketParameters[i].parameter1 == _marketParameters.parameter1 &&
                marketParameters[i].parameter2 == _marketParameters.parameter2
            ) {
                revert("Market parameters already exist");
            }
        }
        _marketParameters.timestamp = block.timestamp;
        marketParameters.push(_marketParameters);
    }

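The loop above reads one storage entry per stored parameter set, so the cost of the check grows with the array. A constant-cost variant of the same duplicate check is sketched below as an added example; it is not code from the submission or from the Swan contract. The fields intervalA and intervalB, the seen mapping, the owner handling and the contract name are hypothetical, since the page names only platformFee and timestamp.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: rejects a parameter set that was already stored, using a
// hash lookup instead of a loop over the whole array.
contract MarketParamsDedup {
    struct SwanMarketParameters {
        uint256 intervalA;   // hypothetical field, not taken from the page
        uint256 intervalB;   // hypothetical field, not taken from the page
        uint256 platformFee; // named on the page
        uint256 timestamp;   // named on the page, overwritten by the contract
    }

    error NotOwner();
    error DuplicateParameters();

    address public immutable owner;
    SwanMarketParameters[] public marketParameters;

    // Hash of the caller-supplied fields => already stored (hypothetical helper state)
    mapping(bytes32 => bool) private seen;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function setMarketParameters(SwanMarketParameters memory p) external onlyOwner {
        require(p.platformFee <= 100, "Platform fee cannot exceed 100%");

        // timestamp is left out of the key: it is set below and differs on
        // every call, so including it would make every entry look unique.
        bytes32 key = keccak256(abi.encode(p.intervalA, p.intervalB, p.platformFee));
        if (seen[key]) revert DuplicateParameters();
        seen[key] = true;

        p.timestamp = block.timestamp;
        marketParameters.push(p);
    }
}
```

Like the loop version, this rejects any parameter set that was ever stored, so the owner cannot switch back to an earlier set of values.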
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
