The function WithdrawalRequest::load is used to load a withdrawal request from storage based on the provided vaultId, account, and withdrawalRequestId. However, it does not perform checks to ensure that the account address is not a zero address, and that withdrawalRequestId is not zero. This could potentially lead to errors or undesired behavior.
The function performs a keccak256 hashing to derive a storage slot, but it does not validate that the account is not the zero address (address(0)) and that the withdrawalRequestId is not set to 0.
A zero address could allow the function to fetch an invalid storage slot, potentially affecting the logic or causing unexpected results.
If the account is a zero address or withdrawalRequestId is zero, it may lead to an incorrect withdrawal request being loaded, causing issues such as invalid access to the contract's storage, or security vulnerabilities.
This may allow a user to accidentally or maliciously interact with an unintended request or resource, potentially causing a loss of funds or other unwanted outcomes.
Add a validation check to ensure that account != address(0) and withdrawalRequestId != 0 before performing the keccak256 hashing.
Ensure that these checks are added before interacting with the storage to prevent loading incorrect or invalid data.
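A sketch of the recommended checks placed ahead of the slot derivation, added here as an illustration and not taken from the audited code base. The library name, namespace constant, error names, parameter types and struct fields are assumptions; only load, vaultId, account and withdrawalRequestId come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative library, not the project's own WithdrawalRequest code.
library WithdrawalRequestExample {
    // Hypothetical namespace mixed into the slot derivation.
    bytes32 internal constant WITHDRAWAL_REQUEST_NAMESPACE =
        keccak256("example.vault.WithdrawalRequest");

    // Hypothetical custom errors for the two rejected inputs.
    error ZeroAccount();
    error ZeroWithdrawalRequestId();

    // Hypothetical layout; the real struct is not shown in the finding.
    struct Data {
        uint128 timestamp;
        uint128 shares;
        bool fulfilled;
    }

    /// Returns a storage pointer for (vaultId, account, withdrawalRequestId).
    /// Parameter types are assumed.
    function load(uint128 vaultId, address account, uint128 withdrawalRequestId)
        internal
        pure
        returns (Data storage request)
    {
        // Validate before any hashing or storage access takes place.
        if (account == address(0)) revert ZeroAccount();
        if (withdrawalRequestId == 0) revert ZeroWithdrawalRequestId();

        // Derive the slot only from inputs that passed validation.
        bytes32 slot = keccak256(
            abi.encode(WITHDRAWAL_REQUEST_NAMESPACE, vaultId, account, withdrawalRequestId)
        );
        assembly {
            request.slot := slot
        }
    }
}
```

Because load is internal, every caller inherits the reverts, so no call path can obtain a pointer derived from address(0) or an id of 0.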