Array out-of-bounds errors in USDPoolDelegator
#39
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
1 (Low Risk)
chickenpie347
added
the
sponsor confirmed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
pants
Vulnerability details
The functions
USDPoolDelegator.balances(),USDPoolDelegator.coins()andUSDPoolDelegator.underlying_coins()accept an argument callediand use it as an index to determine which element in the_balances/_coins/_underlying_coinsarray should be loaded and returned. However, these functions don't check that the index they receive as an argument actually fits the bounds of the array.Impact
If the index exceeds the array length, there will be a revert with no informative error message. The user wouldn't know what caused the revert.
Tool Used
Manual code review.
Recommended Mitigation Steps
Add an appropriate require statement to each of these functions to validate that the given argument fits the
_balances/_coins/_underlying_coinsarray bounds.The text was updated successfully, but these errors were encountered: