Category: Coding Mistakes
Missing length check
Informational Severity
Informational Impact
N/A Likelihood
Description
In the _deposit
and withdraw
functions, there is no check that the lengths of the tokens
array and the amounts
array are equal.
function _deposit(address[] memory tokens, uint256[] memory amounts, address recipient) private checkDepositStarted checkDepositNotEnded {
_checkCap(tokens, amounts);
for (uint256 i = 0; i < tokens.length; i++) {
IERC20(tokens[i]).safeTransferFrom(msg.sender, address(this), amounts[i]);
address token = tokens[i];
uint256 amount = amounts[i];
balances[recipient][token] += amount;
}
emit Deposited(recipient, tokens, amounts);
}
function withdraw(address[] memory tokens, uint256[] memory amounts) external nonReentrant whenNotPaused checkDepositStarted checkDepositNotEnded {
for (uint256 i = 0; i < tokens.length; i++) {
address token = tokens[i];
uint256 amount = amounts[i];
if (balances[msg.sender][token] < amount) revert InsufficientBalance();
balances[msg.sender][token] -= amount;
IERC20(token).safeTransfer(msg.sender, amount);
}
emit Withdrawn(msg.sender, tokens, amounts);
}
Impact
There is no security impact, and as such, this finding is reported as Informational. A mismatching length would just cause a revert. We report this with the purpose of improving the quality and consistency of the codebase.
Recommendations
Consider adding a check to ensure that the lengths of the tokens
array and the amounts
array are equal.
Remediation
This issue has been acknowledged by Plaza Finance, and a fix was implemented in commit a616df44↗.