Submission Details
Severity:
Incorrect parameters for the `ArrayLengthMismatch` error message
Summary
The MarketMakingEngineConfigurationBranch.configureDepositAndRedeemFees function verifies the array lengths and throws an error in case of mismatch. The problem is that the massage will contain accepted lengths instead of incorrect.
Vulnerability Details
function configureDepositAndRedeemFees(
uint128[] calldata vaultsIds,
uint128[] calldata depositFees,
uint128[] calldata redeemFees
)
external
onlyOwner
{
// verify the array length
>> if (vaultsIds.length != depositFees.length) {
revert Errors.ArrayLengthMismatch(vaultsIds.length, depositFees.length);
}
// verify the array length
if (depositFees.length != redeemFees.length) {
>> revert Errors.ArrayLengthMismatch(vaultsIds.length, depositFees.length);
}
Impact
Unintended behavior
Tools used
Manual Review
Recommendations
Consider including relevant lengths in the error message:
// verify the array length
if (depositFees.length != redeemFees.length) {
- revert Errors.ArrayLengthMismatch(vaultsIds.length, depositFees.length);
+ revert Errors.ArrayLengthMismatch(redeemFees.length, depositFees.length);
}
Updates
Lead Judging Commences
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
configureDepositAndRedeemFees function emits the wrong parameters inside the `(depositFees.length != redeemFees.length)` check
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821 USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.