Length mismatched and gas outbound error. #353
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
code423n4
added
2 (Med Risk)
merklejerk
added
the
disagree with severity
|
If the caller runs out of gas, they can just split their array up across transactions. If they're not of compatible lengths, the indexing operation will revert. |
0xble
added
the
sponsor disputed
|
Agree RE out of gas and revert, but partyTokenIds too large would simply be ignored. This seems like a NC suggestion to help prevent user error/confusion. Merging with #352 |
HardlyDifficult
added
duplicate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L225
Vulnerability details
Impact
The Array length is not checked if they are the same to avoid mismatch which can cost gas and which might revert if not assigned properly and also check the length of the array that is about to be looped is within the gas limit per block which validators can accept in a block.
Proof of Concept
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/distribution/TokenDistributor.sol#L225
Tools Used
Recommended Mitigation Steps
The length of the arrays pass should be checked to be sure they are of the same length to avoid length mismatch as stated above and also the looping should be checked that it won’t expand to more than the computation a block can take.
The text was updated successfully, but these errors were encountered: