Submission Details
Severity:
Lack of check for duplicate vault Id
## Summary
Lack of check for duplicate vault Id in `MarketMakingEngineConfigurationBranch::connectVaultsAndMarkets`
## Vulnerability Details
The function `MarketMakingEngineConfigurationBranch::connectVaultsAndMarkets` is respomsible for connected vaults to markets.
However, the function does not check if two vault Ids are present in the array `vaultIds` or if a vault Id has already been
connected to the market and the same vault Id is present in `vaultIds` array.
## Impact
Two same vault is connected to a market.
## Recommendations
Loop through the connected vaults to a market `market.connectedVaults` and enforce the vault to be connected has not been
already connected. Enforce this check in `MarketMakingEngineConfigurationBranch::_configureMarketConnectedVaults`. This might
not be gas efficient for the function.
```diff
+ error VaultIdAlreadyExist();
+ .
+ .
+ .
function _configureMarketConnectedVaults(uint128 marketId, uint256[] calldata vaultIds) internal {
// revert if vaultId is set to zero
if (marketId == 0) {
revert Errors.ZeroInput("marketId");
}
+ for(uint256 i; i < market.connectedVaults.length, i++) {
+ if(vaultIds[i] == market.connectedVaults[i]) {
+ revert VaultIdAlreadyExist()
+ }
+ }
```
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821
USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.