Duplicate asset can be added #23
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
Lines of code
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/ManagedIndex.sol#L35
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TopNMarketCapIndex.sol#L57
https://github.com/code-423n4/2022-04-phuture/blob/main/contracts/TrackedIndex.sol#L45
Vulnerability details
Impact
Initialize function can be called multiple times with same asset. Calling with same asset will make duplicate entries in assets list. Any function reading assets will get impacted and would retrieve duplicate asset
Proof of Concept
Recommended Mitigation Steps
Add a check to fail if assets already contains the passed asset argument. Also add a modifier so that initialize could only be called once
The text was updated successfully, but these errors were encountered: