Description

The function fetchEpochIds is used to get the list of epochIds, validVaults, and vaultType for the vaults that are active.

The function loops through the vault's array, calls the function epochValid for each array, and returns the epochId, vaultType, and a boolean valid that describes if the vault is valid or not. When a vault is invalid --- in other words, valid = false --- the counter i is increased but the validCount is not. If any vault is invalid, there would be a mismatch between the returned arrays.

function fetchEpochIds(
        address[] memory vaults
    )
        public
        view
        returns (
            uint256[] memory epochIds,
            address[] memory validVaults,
            uint256[] memory vaultType
        )
    {
        uint256 validCount;
        epochIds = new uint256[](vaults.length);
        validVaults = new address[](vaults.length);
        vaultType = new uint256[](vaults.length);

        for (uint256 i = 0; i < vaults.length; ) {
            IEarthquake vault = IEarthquake(vaults[i]);

            bool valid;
            (valid, epochIds[i], vaultType[i]) = epochValid(vault);
            unchecked {
                i++;
            }

            if (!valid) {
                continue;
            }

            validVaults[validCount] = address(vault);
            unchecked {
                validCount++;
            }
        }
    }

Impact

If the weightStrategy used is 3 (threshold), the function _thresholdWeight would revert in VaultGetter.getRoi as this function would try to call totalSupply on an address(0). The function _thresholdWeight is internally called in deployPosition; therefore, deploying new positions might fail.

Recommendations

Revert the function fetchEpochIds if a vault in the list is invalid.

Remediation

The issue was fixed in commit 8e8d33e↗.