The `claimAndSwap` function does not validate whether the `_routeNumber` parameter falls within the valid range of configured routes.
This omission could result in out-of-bounds array access, causing the transaction to revert or potentially introducing exploitable vulnerabilities in certain environments.
The `claimAndSwap` function uses the `_routeNumber` parameter to access the `routes`, `swapParams`, and `pools` arrays without verifying that `_routeNumber` is within the valid range of configured routes.
If `_routeNumber` exceeds the length of the `routes`, `swapParams`, or `pools` arrays, it will cause an out-of-bounds access error, reverting the transaction.
An attacker could exploit this vulnerability to disrupt the functionality of the protocol by sending an invalid `_routeNumber`.
Add a validation check to ensure `_routeNumber` is within the valid range of configured routes.
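One way to write the recommended check, as an added sketch that is not the audited contract's code: the element types, the `addRoute` setter, `configuredRoutes`, the `validRoute` modifier and the `InvalidRouteNumber` error are assumptions made for illustration. It bounds the index against the shortest of the three arrays, so a route that is only partly configured is rejected with an explicit error instead of an array-bounds panic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Storage layout and element types are assumed;
/// the real arrays may hold other types.
contract RouteBoundsExample {
    address[][] public routes;      // assumed: one token path per route
    uint256[][] public swapParams;  // assumed: one parameter set per route
    address[][] public pools;       // assumed: one pool list per route

    error InvalidRouteNumber(uint256 routeNumber, uint256 configuredRoutes);

    /// Hypothetical setter (access control omitted) that grows all three
    /// arrays together so their lengths stay equal.
    function addRoute(
        address[] calldata route,
        uint256[] calldata params,
        address[] calldata routePools
    ) external {
        routes.push(route);
        swapParams.push(params);
        pools.push(routePools);
    }

    /// Number of routes present in all three arrays.
    function configuredRoutes() public view returns (uint256 n) {
        n = routes.length;
        if (swapParams.length < n) n = swapParams.length;
        if (pools.length < n) n = pools.length;
    }

    /// Rejects any index that is not backed by an entry in every array.
    modifier validRoute(uint256 _routeNumber) {
        uint256 n = configuredRoutes();
        if (_routeNumber >= n) revert InvalidRouteNumber(_routeNumber, n);
        _;
    }

    /// Stand-in for claimAndSwap: only the index handling is shown.
    function claimAndSwap(uint256 _routeNumber)
        external
        view
        validRoute(_routeNumber)
        returns (address[] memory, uint256[] memory, address[] memory)
    {
        return (routes[_routeNumber], swapParams[_routeNumber], pools[_routeNumber]);
    }
}
```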