Category: Business Logic

Array indexes may be out of bounds

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

The batchRedeem function takes two arrays as parameters, tokenIds_ and amounts_. Both are accessed at the same indices in a single for loop, without first checking that their lengths are equal.

function batchRedeem(uint256[] calldata tokenIds_, uint256[] calldata amounts_) external override nonReentrant {
    uint256 len = tokenIds_.length;
    // @audit make sure that their lengths are equal
    for (uint256 i; i < len; ++i) {
        _redeem(tokenIds_[i], amounts_[i]);
    }
}

Impact

If the lengths mismatch, the out-of-bounds error would cause the entire function call to revert at the last index, wasting the gas used for the transaction.

Recommendations

We recommend adding a check, before the for loop, that the two arrays have equal lengths.

require(tokenIds_.length == amounts_.length, "arrays' lengths mismatch");
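
The self-contained contract below is an added illustration, not Bond Protocol's code or the fix from the referenced commit. The contract name, mint, the balanceOf ledger and the body of _redeem are assumptions made so that it compiles on its own. It puts the unchecked loop beside a checked version and notes in comments what each kind of length mismatch does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration: the ledger, mint and _redeem body are stand-ins (assumptions),
// not the audited contract's accounting.
contract BatchRedeemLengthCheck {
    // holder => tokenId => balance (constructed stand-in for the real token state)
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    function mint(uint256 tokenId_, uint256 amount_) external {
        balanceOf[msg.sender][tokenId_] += amount_;
    }

    // Pattern from the finding: the loop bound comes from tokenIds_ only.
    //  - amounts_ shorter than tokenIds_: amounts_[i] panics (code 0x32) once i
    //    reaches amounts_.length. Earlier _redeem calls have already consumed gas,
    //    and their state changes are rolled back with the revert.
    //  - amounts_ longer than tokenIds_: the trailing amounts are never read and
    //    the call succeeds, so the malformed input goes unnoticed.
    function batchRedeemUnchecked(
        uint256[] calldata tokenIds_,
        uint256[] calldata amounts_
    ) external {
        uint256 len = tokenIds_.length;
        for (uint256 i; i < len; ++i) {
            _redeem(tokenIds_[i], amounts_[i]);
        }
    }

    // With the recommended check: a mismatch in either direction is rejected
    // before any redemption work is done.
    function batchRedeemChecked(
        uint256[] calldata tokenIds_,
        uint256[] calldata amounts_
    ) external {
        uint256 len = tokenIds_.length;
        require(len == amounts_.length, "arrays' lengths mismatch");
        for (uint256 i; i < len; ++i) {
            _redeem(tokenIds_[i], amounts_[i]);
        }
    }

    // Stand-in redemption: debits the caller; reverts on underflow in 0.8.x.
    function _redeem(uint256 tokenId_, uint256 amount_) internal {
        balanceOf[msg.sender][tokenId_] -= amount_;
    }
}
```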

Remediation

Bond Labs acknowledged this finding and implemented a fix in commit 436d18ec.

Zellic © 2024