Missing Vault Existence Check in `Vault::updateVaultSwapStrategy` Function
Summary
The Vault::updateVaultSwapStrategy function lacks a check to verify the existence of the vault before attempting to update the vault swap strategy. This could lead to issues where the function tries to access or modify data for a non-existent vault.
Vulnerability Details
In the current implementation, the function updateVaultSwapStrategy retrieves the Data for a specific vault via the load(vaultId) call. However, there is no validation to ensure that the vault identified by vaultId exists in the system before attempting to update the swap strategy. Without this check, a non-existent vault ID could lead to unexpected behavior or errors.
Impact
The lack of a vault existence check could allow the function to operate on an invalid or non-existent vault, potentially causing incorrect state updates or failure during execution.
It can lead to Unintended vaults creation which can result to security.
Users may unknowingly interact with a vault that was never initialized.
vulnerabilities or data corruption in the contract.
Recommendations
Implement a validation step to check for the existence of the vault before updating the swap strategy.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.