Assessment reportsPublic findings
Back to Zellic site
Assessment reports>DfynRFQ>Discussion>Array index bounds
GeneralOverview
Findings
Low (1)
Informational (2)
DiscussionArray index boundsGas optimizationUnnecessary safeMath calls
Audit ResultsResults

Array indexes may be out of bounds

In the case of the tokens and amounts array used in the _swap() function, no check on their length is performed. There are no restrictions in regards to verifying whether their lengths are equal, as is to be expected.

Due to the nature of how the protocol was built, we recommend checking that their lengths are equal to one another as well as checking that the length of one of them is equal to 2.

function _swap(
    address custodian,
    address[] calldata tokens,
    uint256[] calldata amounts,
    uint64 deadline,
    bytes calldata signature
) internal onlyWhitelisted(custodian) returns (bool) {
    require(tokens.length == amounts.length, "Array size mismatch");
    require(tokens.length == 2, "Array with inadequate size");
    // ...

This issue has been properly resolved in commit 3be1183.

Zellic © 2024Back to top ↑