Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Array out-of-bounds error in Auction #31

Open
code423n4 opened this issue Oct 9, 2021 · 1 comment
Open

Array out-of-bounds error in Auction #31

code423n4 opened this issue Oct 9, 2021 · 1 comment
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Handle

pants

Vulnerability details

The function Auction.withdrawBounty() accept an argument called bountyIds and use it as indices to determine which elements in the _bounties array should be loaded and treated. However, this function don't check that the indices it receives as an argument actually fits the bounds of the _bounties array.

Impact

If one of the indices exceed the array length, there will be a revert with no informative error message. The user wouldn't know what caused the revert.

Tool Used

Manual code review.

Recommended Mitigation Steps

Add an appropriate require statement to this function to validate that the given argument fits the _bounties array bounds.

@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding labels Oct 9, 2021
code423n4 added a commit that referenced this issue Oct 9, 2021
@frank-beard frank-beard added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Nov 6, 2021
@GalloDaSballo
Copy link
Collaborator

The lack of check can cause a revert for out of bounds, finding is valid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Warden finding sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Development

No branches or pull requests

3 participants