krkba - lack of input validation for array lengths in batchTelcoin()
function
#2
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
krkba
medium
lack of input validation for array lengths in
batchTelcoin()
functionkrkba
Summary
Vulnerability Detail
When there is a lack of input validation for array lengths, it means the contract does not verify whether the lengths of destinations array and amounts array match before proceeding with execution the function.
Impact
Mismatched array lengths can potentially exploited by attcker to manipulate the contract behavior,they may attempt to provide invalid or unexpected data, causing the contract to behave in unintended ways.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L185-L203
Tool used
Manual Review
Recommendation
The contract should check whether the lengths of destinations and amounts arrays match before proceeding.
The text was updated successfully, but these errors were encountered: