removeCollateral function in USSD is risky as it does not check of index to be with in valid range.

Summary

The removeCollateral function in USSD does not check for _index to be a valid value in the collateral array.

Vulnerability Detail

If _index passed was uint256.max value, the last value in the collateral array will be copied to the uint256.max poistion in the array. and pop will cause the collateral to be lost.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L120-L123

function removeCollateral(uint256 _index) public onlyControl { collateral[_index] = collateral[collateral.length - 1]; collateral.pop(); }

Tool used

Manual Review

Recommendation

before updating the collateral array, make sure index passed is a valid index in the array. Else return error.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

021.md

021.md

removeCollateral function in USSD is risky as it does not check of index to be with in valid range.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

021.md

Latest commit

History

021.md

File metadata and controls

removeCollateral function in USSD is risky as it does not check of index to be with in valid range.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation