DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: medium
Invalid

Include checks in `StrategyMainnet.sol` for array size.

Summary

In the contract `StrategyMainnet.sol`, the function `addRoute` should include checks on array size. Also check the array size wherever an array is used, so that it is not greater than the declared size.

Vulnerability Details

This issue is classified as a Medium Severity finding because the fixed sizes of the array params in the `addRoute` function are not checked.
In the contract at `StrategyMainnet.sol:56`, if someone passes input greater than the array size to the function `addRoute`, it shows different behaviour on the EVM.

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L56C1-L65C6

```solidity
function addRoute(
    address[11] calldata _route,
    uint256[5][5] calldata _swapParams,
    address[5] calldata _pools
) external onlyManagement {
    routes[nRoutes] = _route;
    swapParams[nRoutes] = _swapParams;
    pools[nRoutes] = _pools;
    nRoutes++;
}
```

Impact

  1. So that it does not show any random behavior.

  2. It invites a DoS (denial-of-service) attack.

Tools Used

Manual Review

Recommendations

Include checks for array size with `require` statements.

function addRoute(
address[11] calldata _route,
uint256[5][5] calldata _swapParams,
address[5] calldata _pools
) external onlyManagement {
+ require(_route.length == 11 , "Exceed the size of _route");
routes[nRoutes] = _route;
+ require(_swapParams.length == 5, "Exceed the size of _swapParams");
swapParams[nRoutes] = _swapParams;
+ require(_pools.length == 5,"Exceed th size of _pools");
pools[nRoutes] = _pools;
nRoutes++;
}
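
Review bot: the three added `require` lines cannot fail, because `_route`, `_swapParams` and `_pools` are declared as fixed-size arrays (`address[11]`, `uint256[5][5]`, `address[5]`) and `.length` on a fixed-size array type is a constant equal to the declared size. `_route.length == 11`, `_swapParams.length == 5` and `_pools.length == 5` are therefore always true and add no validation; I would drop them. If they were kept, the checks should sit at the top of the function rather than after `routes[nRoutes] = _route;`, and the messages need fixing: they say "Exceed" while the condition is an equality, and the last one has the typo "th".
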
Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
