Category: Code Maturity

Lack of input validation in initialize

Low Severity
Low Impact
Low Likelihood

Description

The initialize function in both CurveLpTokenPriceOracleNoRegistry and FusePoolLens does not validate the array parameters passed to it, which may lead to unintended storage outcomes.

Impact

In both of the initialize functions, Ionic Protocol uses a for-loop to iterate through array parameters and append them to a mapping variable. If the lengths of the arrays are not equal, the initialize call will either revert or complete successfully with missing data.

In CurveLpTokenPriceOracleNoRegistry, the mappings poolOf and underlyingTokens may not be set to the intended values if the length of the array _lpTokens is less than the length of either the _pools or _poolUnderlyings arrays.

In FusePoolLens, the mapping variable hardcoded maps token addresses (_hardcodedAddresses) to TokenData, which includes a token's name and symbol. If the length of the _hardcodedAddresses array is less than the length of the _hardcodedNames or _hardcodedSymbols arrays, the elements of those arrays at indices from _hardcodedAddresses.length onward will not be stored.

Recommendations

Consider adding require statements in the initialize function to validate user-controlled data input and to ensure that array lengths are equal.
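
The sketch below is an added illustration of the pattern and the recommended check. It is not the Ionic Protocol source or the code from the remediation commit. The mapping and parameter names follow the finding, while the contract name, the parameter and mapping types, the initialized flag and the two function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; simplified, NOT the Ionic Protocol source.
// Mapping and parameter names follow the finding; types are assumed.
contract OracleInitSketch {
    mapping(address => address) public poolOf;             // LP token => pool
    mapping(address => address[]) public underlyingTokens; // LP token => underlyings
    bool private initialized; // hypothetical stand-in for an initializer guard

    // Unvalidated pattern: the loop is bounded by _lpTokens.length only.
    // Longer _pools / _poolUnderlyings arrays are silently truncated;
    // shorter ones revert with an out-of-bounds panic mid-loop.
    function initializeUnchecked(
        address[] memory _lpTokens,
        address[] memory _pools,
        address[][] memory _poolUnderlyings
    ) external {
        require(!initialized, "already initialized");
        initialized = true;
        for (uint256 i = 0; i < _lpTokens.length; i++) {
            poolOf[_lpTokens[i]] = _pools[i];
            underlyingTokens[_lpTokens[i]] = _poolUnderlyings[i];
        }
    }

    // Recommended pattern: reject mismatched lengths before any storage
    // write, so a malformed call fails with a clear reason and stores nothing.
    function initializeChecked(
        address[] memory _lpTokens,
        address[] memory _pools,
        address[][] memory _poolUnderlyings
    ) external {
        require(!initialized, "already initialized");
        require(
            _lpTokens.length == _pools.length &&
                _lpTokens.length == _poolUnderlyings.length,
            "array lengths not equal"
        );
        initialized = true;
        for (uint256 i = 0; i < _lpTokens.length; i++) {
            poolOf[_lpTokens[i]] = _pools[i];
            underlyingTokens[_lpTokens[i]] = _poolUnderlyings[i];
        }
    }
}
```

The same length check applies to the _hardcodedAddresses, _hardcodedNames and _hardcodedSymbols arrays in FusePoolLens.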

Remediation

The issue has been fixed by Ionic Protocol in commit c71037.

Zellic © 2023