EnumerableSet Length Check in viewWhitelistedCurrencies could lead to out-of-bounds access
Summary
The viewWhitelistedCurrencies function in CurrencyManager.sol does not sufficiently validate the cursor parameter, which could lead to out-of-bounds access and runtime errors.
Finding Description
The viewWhitelistedCurrencies function calculates the number of items to return based on the cursor and size parameters, aiming to prevent accessing more than _whitelistedCurrencies.length() - cursor items. However, if cursor itself is set to a value greater than _whitelistedCurrencies.length(), it may lead to unintended behavior or out-of-bounds access.
This issue could result in runtime errors, disrupting the function’s intended behavior and impacting users relying on the correct output of whitelisted currencies. A malicious user could potentially cause the contract to behave unexpectedly by setting cursor to an invalid position.
Vulnerability Details
The vulnerability lies in the lack of bounds checking for the cursor parameter. Without verifying that cursor is within the range of _whitelistedCurrencies.length(), the function could attempt to access an invalid index, causing out-of-bounds errors.
Impact
This vulnerability is classified as High Impact because it affects the contract's reliability. If exploited, this issue could cause contract calls to revert, affecting downstream contracts or user interfaces relying on the function’s data.
Proof of Concept
Here’s an example of how a malicious or unintended input could break the function:
Recommendations
To resolve this, add a check at the beginning of viewWhitelistedCurrencies to ensure cursor is within bounds:
Suggested Fix
File Location
CurrencyManager.sol
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.