Uninitialized Local Variable in getOrderDetailsString Allows Potential Data Corruption

Description

• The local variable tokenSymbol in getOrderDetailsString() is declared but never initialised, leaving it with an undefined memory value. While Solidity initializes storage variables to zero, uninitialised memory variables can retain stale data from previous function calls, leading to:

  • Incorrect string outputs (corrupted tokenSymbol values).

  • Misdirected funds if the symbol is used in address resolution (e.g., token lookups).

Risk

Likelihood:

• Medium Risk – If tokenSymbol is used in:

  1. Address derivation (e.g., getTokenAddress(tokenSymbol)), it could resolve to a malicious token.

  2. User-facing outputs, it may display corrupted data, causing trust issues.

Impact:

• Impact:

  1. Data Corruption

     • The uninitialized tokenSymbol may return stale memory values, leading to incorrect order details (e.g., displaying a wrong token symbol or arbitrary strings).

  2. Malicious Token Resolution

     • If tokenSymbol is used to derive token addresses (e.g., getTokenAddress(tokenSymbol)), an attacker could exploit stale values to redirect funds to a malicious contract.

Proof of Concept

An attacker could repeatedly call other functions to pollute memory slots,
then call getOrderDetailsString() to leak stale data.

Recommended Mitigation

Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.