Array out-of-bounds error in Auction
#31
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Warden finding
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
pants
Vulnerability details
The function Auction.withdrawBounty() accepts an argument called bountyIds and uses it as indices to determine which elements in the _bounties array should be loaded and treated. However, this function doesn't check that the indices it receives as an argument actually fit the bounds of the _bounties array.
Impact
If one of the indices exceeds the array length, there will be a revert with no informative error message. The user wouldn't know what caused the revert.
Tool Used
Manual code review.
Recommended Mitigation Steps
Add an appropriate require statement to this function to validate that the given argument fits the _bounties array bounds.
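The recommended check, sketched as an added example that is not the audited Auction code: the contract name, the Bounty fields, the event, the error string and the Solidity 0.8 pragma are all assumptions made for illustration. It places the unchecked indexing next to a version that validates each id first.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Hypothetical contract: only withdrawBounty, bountyIds and _bounties
// are names taken from the finding.
contract BountyBoundsExample {
    struct Bounty {
        address token;   // assumed field
        uint256 amount;  // assumed field
        bool active;     // assumed field
    }

    Bounty[] internal _bounties;

    event BountyWithdrawn(uint256 indexed bountyId);

    function addBounty(address token, uint256 amount) external returns (uint256 id) {
        _bounties.push(Bounty({token: token, amount: amount, active: true}));
        return _bounties.length - 1;
    }

    // Unchecked form: an id >= _bounties.length makes the array access
    // revert with Panic(0x32) under Solidity 0.8, with no reason string.
    function withdrawBountyUnchecked(uint256[] calldata bountyIds) external {
        for (uint256 i = 0; i < bountyIds.length; i++) {
            Bounty storage bounty = _bounties[bountyIds[i]];
            bounty.active = false;
            emit BountyWithdrawn(bountyIds[i]);
        }
    }

    // Checked form: each id is validated before storage is touched, so the
    // caller gets a reason string naming the cause of the revert.
    function withdrawBounty(uint256[] calldata bountyIds) external {
        uint256 count = _bounties.length; // read the length once
        for (uint256 i = 0; i < bountyIds.length; i++) {
            uint256 id = bountyIds[i];
            require(id < count, "Auction: bountyId out of bounds");
            Bounty storage bounty = _bounties[id];
            bounty.active = false;
            emit BountyWithdrawn(id);
        }
    }
}
```

Because the whole call reverts on the first bad id, no earlier id in the same batch is left half-processed in either form; the checked form differs only in what the caller is told.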