Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Wasabi Perps>Low findings>Missing length check
GeneralOverview
Findings
Critical (2)
High (1)
Medium (1)
Low (4)Zero interest automatically changed to maximum Loss of precisionMissing length checkInitializers not disabled
Informational (2)
DiscussionLimited test coverageThe difficulty of analyzing code that relies on offchain components
Threat ModelWhat are threat models?BaseWasabiPool.solDebtController.solWasabiLongPool.solWasabiShortPool.solWasabiVault.sol
Audit ResultsSummary
Category: Coding Mistakes

Missing length check

Low Severity
Informational Impact
N/A Likelihood

Description

The BaseWasabiPool::liquidatePositions function is checking that the length of the _positions argument equals the length of the _interests argument, but it is not checking the length of _swapFunctions.

function liquidatePositions(
    bool _unwrapWETH,
    uint256[] calldata _interests,
    Position[] calldata _positions,
    FunctionCallData[][] calldata _swapFunctions
) external payable onlyOwner {
    uint256 length = _positions.length;
    if (length != _interests.length) revert InterestAmountNeeded();
    for (uint i = 0; i < length; ++i) {
        liquidatePosition(_unwrapWETH, _interests[i], _positions[i], _swapFunctions[i]);
    }
}

Impact

There is no security impact, and as such this finding is reported as informational. A mismatching length would just cause a revert. Since this is a function reserved to protocol owners, it has no impact on the user experience. We report this with the purpose of improving the quality and consistency of the codebase.

Recommendations

Consider adding a check on the length of the _swapFunctions argument.

Remediation

This issue has been acknowledged by Wasabi, and a fix was implemented in commit 1aee88f1.

Zellic © 2024Back to top ↑