PerpetualVault.Sol
Issue:
The view function getUserDeposits uses a loop variable of type uint8 when iterating over a dynamic set of deposit IDs.
Details:
Here, if a user’s deposit count exceeds 255, the uint8 counter will not be able to index all elements properly (or may wrap around), leading to an incomplete—or even incorrect—return value.
Impact:
A malicious user could intentionally create many (more than 255) deposit records. When they (or an external service) try to retrieve the full list via getUserDeposits, the function would either revert or return an incomplete list. While this is a view function (and does not directly affect fund security), it creates a correctness and usability issue that could be exploited in downstream logic or user interfaces.
Recommendation:
Change the loop variable’s type from uint8 to uint256 so that it can handle an arbitrary number of deposits without risk of overflow or index errors.
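The loop pattern described in this finding, next to the recommended form, as an added example that is not part of the submission and is not PerpetualVault's code. The contract name, the array-based storage layout and the addDeposits helper are assumptions made for illustration, since the page does not show the function body.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract, constructed for illustration; not PerpetualVault code.
contract DepositIndexDemo {
    // Assumed storage layout: deposit IDs per user in a plain dynamic array.
    mapping(address => uint256[]) private userDeposits;
    uint256 private nextId = 1;

    // Test helper: record `n` constructed deposit IDs for the caller.
    function addDeposits(uint256 n) external {
        for (uint256 k = 0; k < n; k++) {
            userDeposits[msg.sender].push(nextId++);
        }
    }

    // Pattern from the finding: uint8 counter against a uint256 length.
    // With 256 or more entries, `i++` at i == 255 fails the 0.8 overflow
    // check and the call reverts with Panic(0x11). Inside `unchecked`, i
    // would instead wrap to 0 and the loop would never terminate.
    function getUserDepositsUint8(address user)
        external
        view
        returns (uint256[] memory ids)
    {
        uint256 length = userDeposits[user].length;
        ids = new uint256[](length);
        for (uint8 i = 0; i < length; i++) {
            ids[i] = userDeposits[user][i];
        }
    }

    // Recommended form: counter has the same width as the length.
    function getUserDepositsUint256(address user)
        external
        view
        returns (uint256[] memory ids)
    {
        uint256 length = userDeposits[user].length;
        ids = new uint256[](length);
        for (uint256 i = 0; i < length; i++) {
            ids[i] = userDeposits[user][i];
        }
    }
}
```

With exactly 255 entries both functions return the same array; the uint8 variant starts failing at the 256th entry.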
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.