Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

The return value of viewWhitelistedCurrencies can be clearer

Summary

The return value of viewWhitelistedCurrencies is not very clear. The second parameter is a uint, but it doesn't tell anyone what it means; it is also incorrect.

Vulnerability Details

CurrencyManager.viewWhitelistedCurrencies returns an array of addresses and a uint:

    return (whitelistedCurrencies, cursor + length);

This function is supposed to help the caller get a number of currencies starting from a given point. For example, if there are 15 currencies, the user may want to know what the 5 currencies after currency number 8 are.

If there are 10 currencies, and the user wants to know what are the 5 currencies after, the function will reduce the number to 2, to not exceed the maximum amount of currencies.

    uint256 length = size;
    // Clamp the page size to the number of entries left after the cursor.
    if (length > _whitelistedCurrencies.length() - cursor) {
        length = _whitelistedCurrencies.length() - cursor;
    }
    address[] memory whitelistedCurrencies = new address[](length);
    for (uint256 i = 0; i < length; i++) {
        whitelistedCurrencies[i] = _whitelistedCurrencies.at(cursor + i);
    }
    // Second return value: cursor advanced by the number of entries returned.
    return (whitelistedCurrencies, cursor + length);

When the function returns, it returns the array of currencies and cursor + length. For example, the function will return (currency8, currency9, currency10, currency11, currency12), (8 + 5).

cursor + length is ambiguous. If the index is wanted, cursor + length - 1 should be called instead, and there should be another parameter that states the start of the index.

Also, there are insufficient checks to ensure that the cursor < total length.

Impact

Ambiguity in return statement.

Tools Used

Manual Review

Recommendations

Have 3 return parameters and return the array of addresses, the start index, and the end index for clarity.
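A Python model of the quoted pagination logic, added here as an illustration; it is not part of the submission or of the project's code. It assumes checked uint256 arithmetic (Solidity 0.8 or later, which the page does not state), and `Panic`, `page_through` and the sample labels are hypothetical names constructed for this example.

```python
# Python model of the Solidity logic quoted in the submission (added example).
# Assumption: checked uint256 arithmetic (Solidity >= 0.8); the page does not
# state the compiler version.


class Panic(Exception):
    """Stands in for an EVM revert on arithmetic underflow (hypothetical name)."""


def view_whitelisted_currencies(currencies, cursor, size):
    """Return (page, cursor + length), mirroring the quoted function body."""
    total = len(currencies)
    if cursor > total:
        # `total - cursor` cannot be represented as a uint256: the call reverts.
        raise Panic("underflow: cursor is past the end of the set")
    length = min(size, total - cursor)  # clamp to the entries that are left
    page = [currencies[cursor + i] for i in range(length)]
    return page, cursor + length


def page_through(currencies, size):
    """Hypothetical caller: feeds the second return value back in as the cursor."""
    if size == 0:
        raise ValueError("size must be positive or the loop never advances")
    pages, cursor = [], 0
    while True:
        page, next_cursor = view_whitelisted_currencies(currencies, cursor, size)
        if not page:  # empty page: cursor has reached the end of the set
            return pages
        pages.append(page)
        cursor = next_cursor


# Constructed sample data: 15 placeholder labels, indexed from 0 like `.at()`.
SAMPLE = [f"currency{i}" for i in range(15)]

if __name__ == "__main__":
    print(view_whitelisted_currencies(SAMPLE, 8, 5))       # full page
    print(view_whitelisted_currencies(SAMPLE[:10], 8, 5))  # clamped page
    print([len(p) for p in page_through(SAMPLE, 4)])       # page sizes
```
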

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
