Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: medium
Valid

Out-of-Bounds Error in Market::configureConnectedVaults

Summary

In the function configureConnectedVaults, the line connectedVaults[connectedVaults.length].add(vaultsIds[i]); causes an "index out of bounds" error: connectedVaults.length is the current length of the array, so connectedVaults[connectedVaults.length] tries to access an index that does not exist.


Vulnerability Details

connectedVaults is an array of EnumerableSet.UintSet. Solidity does not support dynamic array expansion via index assignment. When connectedVaults.length == n, trying to access connectedVaults[n] does not create a new element. Instead, it throws an out-of-bounds error.
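A minimal Foundry reproduction of the behaviour described above, added here as an illustration and not taken from the Zaros code base or the submission. ConnectedVaultsHarness, its function names and the sample vault ids are hypothetical, and the imports assume forge-std and OpenZeppelin Contracts 5.x are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";

// Hypothetical stand-in for the storage layout described above; not Zaros code.
contract ConnectedVaultsHarness {
    using EnumerableSet for EnumerableSet.UintSet;
    EnumerableSet.UintSet[] internal connectedVaults;

    // Reported pattern: indexes the array at index == length.
    function configureUnchecked(uint128[] memory vaultsIds) external {
        for (uint256 i; i < vaultsIds.length; i++) {
            connectedVaults[connectedVaults.length].add(vaultsIds[i]);
        }
    }

    // Recommended pattern: append an empty set first, then fill it.
    function configureWithPush(uint128[] memory vaultsIds) external {
        EnumerableSet.UintSet storage latest = connectedVaults.push();
        for (uint256 i; i < vaultsIds.length; i++) {
            latest.add(vaultsIds[i]);
        }
    }

    function latestSetLength() external view returns (uint256) {
        return connectedVaults[connectedVaults.length - 1].length();
    }
}

contract ConnectedVaultsTest is Test {
    ConnectedVaultsHarness internal harness = new ConnectedVaultsHarness();

    function _ids() internal pure returns (uint128[] memory ids) {
        ids = new uint128[](2); // constructed sample vault ids
        ids[0] = 1;
        ids[1] = 2;
    }

    function test_indexAtLengthPanics() public {
        // Panic(0x32) is the compiler-inserted out-of-bounds array access check.
        vm.expectRevert(abi.encodeWithSignature("Panic(uint256)", 0x32));
        harness.configureUnchecked(_ids());
    }

    function test_pushThenAddSucceeds() public {
        harness.configureWithPush(_ids());
        assertEq(harness.latestSetLength(), 2);
    }
}
```

Run with forge test; the first test passes only because the unchecked variant reverts with the out-of-bounds panic, the second because the pushed set ends up holding both ids.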


Impact

  • Directly accessing connectedVaults[connectedVaults.length] does not automatically expand the array.

  • The function will fail every time unless connectedVaults.length has been explicitly increased.


Recommendation

Explicitly push a new UintSet instance before accessing an index.

function configureConnectedVaults(Data storage self, uint128[] memory vaultsIds) internal {
EnumerableSet.UintSet[] storage connectedVaults = self.connectedVaults;
+ connectedVaults.push();
for (uint256 i; i < vaultsIds.length; i++) {
connectedVaults[connectedVaults.length - 1].add(vaultsIds[i]);
}
}
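Review bot: the indexing line inside the loop, `connectedVaults[connectedVaults.length - 1].add(vaultsIds[i]);`, differs from the reported `connectedVaults[connectedVaults.length].add(vaultsIds[i]);` but carries no `-`/`+` markers, so the suggestion reads as a one-line addition when it is really two edits; mark the removed and the added index lines as well. Since `push()` on a dynamic storage array returns a reference to the new element, the fix can also keep that reference (`EnumerableSet.UintSet storage vaults = connectedVaults.push();`) and call `vaults.add(vaultsIds[i])` in the loop, which avoids recomputing `length - 1` on every iteration.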
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error
