Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

the return value of viewWhitelistedCurrencies() is not suitable

zhanmingjing

Summary

the return value of viewWhitelistedCurrencies() is not suitable

Vulnerability Details

https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/CurrencyManager.sol#L102

function viewWhitelistedCurrencies(
uint256 cursor,
uint256 size
) external view override returns (address[] memory, uint256) {
uint256 length = size;
if (length > _whitelistedCurrencies.length() - cursor) {
length = _whitelistedCurrencies.length() - cursor;
}
address[] memory whitelistedCurrencies = new address[]();
for (uint256 i = 0; i < length; i++) {
whitelistedCurrencies[i] = _whitelistedCurrencies.at(cursor + i);
}
return (whitelistedCurrencies, cursor + length);
}

returned whitelistedCurrencies is an array, whose length is calculated accoring to the input cursor , size and the actual length of _whitelistedCurrencies.

(1) if _whitelistedCurrencies's length is 10000, viewWhitelistedCurrencies(9999, 100) will return whitelistedCurrencies(actual length 1) and 10000.

(2) if _whitelistedCurrencies's length is 10000, viewWhitelistedCurrencies(0, 100) will return whitelistedCurrencies(actual length 100) and 100.

(3) if _whitelistedCurrencies's length is 10000, viewWhitelistedCurrencies(10000, 100) will return whitelistedCurrencies(actual length 0) and 10000.

seems, the second return param has no pattern, return (whitelistedCurrencies, length) is much better, length is the actual length of whitelistedCurrencies.

Impact

the second return param of viewWhitelistedCurrencies is useless.

Tools Used

manually review

Recommendations

return (whitelistedCurrencies, length);

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.