Category: Coding Mistakes

Missing length check

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

In the _deposit and withdraw functions, there is no check that the lengths of the tokens array and the amounts array are equal.

function _deposit(address[] memory tokens, uint256[] memory amounts, address recipient) private checkDepositStarted checkDepositNotEnded {
    _checkCap(tokens, amounts);

    for (uint256 i = 0; i < tokens.length; i++) {
      IERC20(tokens[i]).safeTransferFrom(msg.sender, address(this), amounts[i]);
      address token = tokens[i];
      uint256 amount = amounts[i];
      balances[recipient][token] += amount;
    }    

    emit Deposited(recipient, tokens, amounts);
}

function withdraw(address[] memory tokens, uint256[] memory amounts) external nonReentrant whenNotPaused checkDepositStarted checkDepositNotEnded {
    for (uint256 i = 0; i < tokens.length; i++) {
      address token = tokens[i];
      uint256 amount = amounts[i];
      if (balances[msg.sender][token] < amount) revert InsufficientBalance();
      balances[msg.sender][token] -= amount;
      IERC20(token).safeTransfer(msg.sender, amount);
    }

    emit Withdrawn(msg.sender, tokens, amounts);
}

Impact

There is no security impact, and as such, this finding is reported as Informational. A mismatching length would just cause a revert. We report this with the purpose of improving the quality and consistency of the codebase.

Recommendations

Consider adding a check to ensure that the lengths of the tokens array and the amounts array are equal.
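
One way to implement the recommended check, as an added example that is not Plaza's code and not the fix from the commit referenced under Remediation. The contract name `LengthCheckedVault`, the `sameLength` modifier and the `ArrayLengthMismatch` error are hypothetical, the event signatures are assumed, and the project's own modifiers (`nonReentrant`, `whenNotPaused`, the deposit-window checks) and `_checkCap` are omitted to keep the focus on the guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical stand-alone contract for illustration only.
contract LengthCheckedVault {
    using SafeERC20 for IERC20;

    mapping(address => mapping(address => uint256)) public balances;

    // Hypothetical error; carries both lengths so a failed call is easy to diagnose.
    error ArrayLengthMismatch(uint256 tokensLength, uint256 amountsLength);
    error InsufficientBalance();

    event Deposited(address indexed recipient, address[] tokens, uint256[] amounts);
    event Withdrawn(address indexed user, address[] tokens, uint256[] amounts);

    // Shared guard: runs before any token transfer or balance update, so a
    // mismatched call fails with a descriptive error instead of an
    // out-of-bounds panic partway through the loop.
    modifier sameLength(address[] memory tokens, uint256[] memory amounts) {
        if (tokens.length != amounts.length) {
            revert ArrayLengthMismatch(tokens.length, amounts.length);
        }
        _;
    }

    function deposit(address[] memory tokens, uint256[] memory amounts, address recipient)
        external
        sameLength(tokens, amounts)
    {
        for (uint256 i = 0; i < tokens.length; i++) {
            IERC20(tokens[i]).safeTransferFrom(msg.sender, address(this), amounts[i]);
            balances[recipient][tokens[i]] += amounts[i];
        }
        emit Deposited(recipient, tokens, amounts);
    }

    // The audited withdraw also carries nonReentrant; keep it in real code.
    function withdraw(address[] memory tokens, uint256[] memory amounts)
        external
        sameLength(tokens, amounts)
    {
        for (uint256 i = 0; i < tokens.length; i++) {
            if (balances[msg.sender][tokens[i]] < amounts[i]) revert InsufficientBalance();
            balances[msg.sender][tokens[i]] -= amounts[i];
            IERC20(tokens[i]).safeTransfer(msg.sender, amounts[i]);
        }
        emit Withdrawn(msg.sender, tokens, amounts);
    }
}
```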

Remediation

This issue has been acknowledged by Plaza Finance, and a fix was implemented in commit a616df44.

Zellic © 2025