Incorrect array access will always cause a revert.
Summary
In configureConnectedVaults function of Market.sol file
The function configureConnectedVaults attempts to add a series of vault IDs (vaultsIds) to the connectedVaults array, which is an array of EnumerableSet.UintSet instances. The function iterates over the vaultsIds array and tries to add each element to a new UintSet within the connectedVaults array using incorrect array access.
Vulnerability Details
The function accesses connectedVaults[connectedVaults.length] to add new vaultsIds into the array. However, this is incorrect because Solidity does not allow dynamic array elements to be accessed directly beyond the current length of the array.
The expression connectedVaults[connectedVaults.length] will always cause an "index out of bounds" error, as it tries to access an index that doesn't exist yet. This results in a revert when attempting to add a new element to the connectedVaults array.
Impact
Due to the incorrect array access (connectedVaults[connectedVaults.length]), the function will always revert when executed. No vault IDs will be added to the connectedVaults array.
This prevents the system from configuring connected vaults as intended and halts any further interaction with the function, leading to a failure in any process depending on the successful execution of this function.
Tools Used
Manual
Recommendations
Instead of trying to access connectedVaults[connectedVaults.length], the code should use connectedVaults.push() to add a new UintSet to the array before attempting to add vault IDs to it:
Lead Judging Commences
`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.