krkba - lack of input validation for array lengths in batchTelcoin() function #2

Closed
sherlock-admin opened this issue Jan 15, 2024 · 1 comment
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Contributor

sherlock-admin commented Jan 15, 2024

krkba

medium

lack of input validation for array lengths in batchTelcoin() function

krkba

Summary

Vulnerability Detail

When there is a lack of input validation for array lengths, it means the contract does not verify whether the lengths of the destinations array and the amounts array match before proceeding with execution of the function.

Impact

Mismatched array lengths can potentially be exploited by an attacker to manipulate the contract behavior; they may attempt to provide invalid or unexpected data, causing the contract to behave in unintended ways.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L185-L203

Tool used

Manual Review

Recommendation

The contract should check whether the lengths of destinations and amounts arrays match before proceeding.

@github-actions github-actions bot added Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Excluded Excluded by the judge without consulting the protocol or the senior labels Jan 19, 2024
@sherlock-admin2 sherlock-admin2 changed the title Perfect Stone Weasel - lack of input validation for array lengths in batchTelcoin() function krkba - lack of input validation for array lengths in batchTelcoin() function Jan 29, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Has Duplicates A valid issue with 1+ other issues describing the same vulnerability labels Jan 29, 2024
@nevillehuang
Collaborator

Low severity, batchTelcoin() is only called within executeTransaction(), so this constitutes user input error, not valid based on Sherlock rules; additionally, transactions can always be challenged.
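
The length check described in the report's Recommendation, as an added example that is not part of the original issue and is not TelcoinDistributor's code. `BatchPayoutExample`, `batchPayout`, `LengthMismatch` and `TransferFailed` are hypothetical names, and the token is assumed to return a `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed by this example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration only; not the audited code.
contract BatchPayoutExample {
    IERC20 public immutable token;

    error LengthMismatch(uint256 destinations, uint256 amounts);
    error TransferFailed(uint256 index);

    constructor(IERC20 token_) {
        token = token_;
    }

    // Pays amounts[i] of the caller's own tokens to destinations[i].
    function batchPayout(
        address[] calldata destinations,
        uint256[] calldata amounts
    ) external {
        uint256 n = destinations.length;

        // Explicit check, done before any transfer is attempted.
        // Without it, Solidity >= 0.8 still bounds-checks amounts[i]:
        //  - amounts shorter than destinations: the loop reverts with
        //    Panic(0x32) partway through, undoing the whole call but
        //    giving the caller no descriptive error;
        //  - amounts longer than destinations: the loop completes and
        //    the trailing amounts are silently ignored.
        if (n != amounts.length) {
            revert LengthMismatch(n, amounts.length);
        }

        for (uint256 i = 0; i < n; ++i) {
            // Funds come from msg.sender's allowance to this contract.
            if (!token.transferFrom(msg.sender, destinations[i], amounts[i])) {
                revert TransferFailed(i);
            }
        }
    }
}
```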
