The setWeightsManually function lets a caller manually overwrite the weights of the assets in a pool. When _numberOfAssets is smaller than _weights.length, only the first _numberOfAssets entries are validated; the remaining entries are written without any check, so values the validation is meant to reject can reach storage.
The validation loop in setWeightsManually iterates only over indices below _numberOfAssets. If _numberOfAssets is less than _weights.length, every element at index _numberOfAssets or above is never checked and may hold an invalid or malicious value.
Impact: validation bypass. Unchecked elements of _weights could be negative or exceed the 1e18 cap, and if the contract later reads those trailing entries they would corrupt the pool's weight calculations. The severity depends on whether any code path consumes entries beyond _numberOfAssets and on who is permitted to call the setter.
Tools used: manual review.
_weights array: validate every element of _weights regardless of _numberOfAssets, by bounding the loop with _weights.length instead of the caller-supplied count, and reject the call outright when _numberOfAssets != _weights.length so the two can never disagree.
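The following contract is an added illustration of both the vulnerable loop described above and the recommended fix; it is not the audited project's code. The element type of _weights (signed, so a negative weight is representable as the finding states), the 1e18 cap as a constant, the owner check and the helper names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of the finding, not the audited project's code.
/// Assumptions: weights are int256 (so a negative value is representable),
/// the cap is 1e18, and a simple owner check guards the setter.
contract WeightedPoolExample {
    int256 public constant MAX_WEIGHT = 1e18;

    address public immutable owner;
    int256[] public weights;

    error WeightOutOfRange(uint256 index, int256 weight);
    error LengthMismatch(uint256 declared, uint256 actual);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// The pattern the finding describes: the loop is bounded by the
    /// caller-supplied _numberOfAssets, so entries at index >= _numberOfAssets
    /// are never checked, yet the whole array is persisted.
    function setWeightsManuallyVulnerable(
        int256[] calldata _weights,
        uint256 _numberOfAssets
    ) external onlyOwner {
        for (uint256 i = 0; i < _numberOfAssets; i++) {
            if (_weights[i] < 0 || _weights[i] > MAX_WEIGHT) {
                revert WeightOutOfRange(i, _weights[i]);
            }
        }
        weights = _weights; // trailing, unvalidated entries land in storage
    }

    /// Hardened version: the declared count must match the array, and the
    /// loop is bounded by the array's own length, so no element escapes the check.
    function setWeightsManually(
        int256[] calldata _weights,
        uint256 _numberOfAssets
    ) external onlyOwner {
        if (_weights.length != _numberOfAssets) {
            revert LengthMismatch(_numberOfAssets, _weights.length);
        }
        for (uint256 i = 0; i < _weights.length; i++) {
            if (_weights[i] < 0 || _weights[i] > MAX_WEIGHT) {
                revert WeightOutOfRange(i, _weights[i]);
            }
        }
        weights = _weights;
    }

    /// Inspection helper: true if any stored weight lies outside [0, 1e18].
    function hasInvalidWeight() external view returns (bool) {
        for (uint256 i = 0; i < weights.length; i++) {
            if (weights[i] < 0 || weights[i] > MAX_WEIGHT) return true;
        }
        return false;
    }
}
```

Calling setWeightsManuallyVulnerable with _weights = [5e17, 5e17, -1] and _numberOfAssets = 2 succeeds and leaves hasInvalidWeight() returning true, because index 2 was never inspected; the hardened setWeightsManually reverts with LengthMismatch(2, 3) before the loop runs. Whether the unchecked entry is actually reachable in the real contract, and whether the setter is callable by anyone other than a trusted role, are the two facts a judge will want established before rating the impact.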
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.