input validation #77
Labels
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
sabtikw
Vulnerability details
Impact
No input validation in the functions below, which would return ambiguous values:
function publicLockVersions(address _impl) external view returns(uint16)
and
function publicLockImpls(uint16 _version) external view returns(address)
Proof of Concept
function publicLockVersions(address _impl) external view returns(uint16) {
    return _publicLockVersions[_impl];
}

function publicLockImpls(uint16 _version) external view returns(address) {
    return _publicLockImpls[_version];
}
Tools Used
manual review
Recommended Mitigation Steps
Add require statements:
require(_publicLockVersions[_impl] != 0, "NOT FOUND");
require(_publicLockImpls[_version] != address(0), "NOT FOUND");
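The ambiguity reported above, and the recommended checks, shown as an added example that is not the project's or the reporter's code. The contract name, `addTemplate`, and the `...Checked` getters are hypothetical; the example assumes version 0 and `address(0)` are never valid registrations, which is what makes the `require` checks sound.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Only the two mappings and the two unchecked getters
// mirror the report; every other name here is hypothetical.
contract LockTemplateRegistry {
    mapping(address => uint16) private _publicLockVersions;
    mapping(uint16 => address) private _publicLockImpls;

    // Hypothetical registration helper (access control omitted for brevity).
    // Rejecting version 0 and address(0) reserves the mappings' default
    // values to mean "not registered".
    function addTemplate(address impl, uint16 version) external {
        require(impl != address(0), "ZERO_IMPL");
        require(version != 0, "ZERO_VERSION");
        _publicLockVersions[impl] = version;
        _publicLockImpls[version] = impl;
    }

    // Unchecked getter as in the report: an unknown _impl returns 0,
    // which a caller cannot tell apart from a stored value of 0.
    function publicLockVersions(address _impl) external view returns (uint16) {
        return _publicLockVersions[_impl];
    }

    // Unchecked getter as in the report: an unknown _version returns address(0).
    function publicLockImpls(uint16 _version) external view returns (address) {
        return _publicLockImpls[_version];
    }

    // Checked variant: reverts instead of returning the default value.
    function publicLockVersionsChecked(address _impl) external view returns (uint16 version) {
        version = _publicLockVersions[_impl];
        require(version != 0, "NOT FOUND");
    }

    // Checked variant: reverts when no implementation is stored for _version.
    function publicLockImplsChecked(uint16 _version) external view returns (address impl) {
        impl = _publicLockImpls[_version];
        require(impl != address(0), "NOT FOUND");
    }
}
```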