Platform: Code4rena
Start Date: 03/07/2023
Pot Size: $40,000 USDC
Total HM: 14
Participants: 74
Period: 7 days
Judge: alcueca
Total Solo HM: 9
Id: 259
League: ETH
Rank: 58/74
Findings: 1
Award: $17.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xprinc
Also found by: 0x11singh99, 0xAnah, 0xWaitress, 0xkazim, 2997ms, 33audits, 404Notfound, 8olidity, CRIMSON-RAT-REACH, CyberPunks, DanielWang888, Deekshith99, Eeyore, Eurovickk, Inspecktor, JGcarv, John, Jorgect, Kaysoft, LosPollosHermanos, MohammedRizwan, Qeew, QiuhaoLi, Rolezn, TheSavageTeddy, Topmark, Trust, Udsen, a3yip6, alexzoid, bigtone, codegpt, erebus, fatherOfBlocks, ginlee, glcanvas, hunter_w3b, josephdara, kaveyjoe, kutugu, mahdirostami, max10afternoon, oakcobalt, peanuts, pfapostol, ptsanev, qpzm, radev_sw, ravikiranweb3, sces60107, seth_lawson, te_aut, twcctop, zhaojie, ziyou-
17.5208 USDC - $17.52
https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L632-L637
_tokens.length is not checked whether it is small than reserves.length or not. If tokens.length is small than reserves length, it will lead to revert on valid data.
https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L632-L637
Manual Review
add _tokens.length check require statement on start of this function.
function _setReserves(IERC20[] memory _tokens, uint256[] memory reserves) internal { + require( _tokens.length == reserves.length, "Invalid Reserves Length"); for (uint256 i; i < reserves.length; ++i) { ... } }
Invalid Validation
#0 - c4-pre-sort
2023-07-12T04:43:46Z
141345 marked the issue as duplicate of #37
#1 - c4-pre-sort
2023-07-13T12:11:07Z
141345 marked the issue as duplicate of #294
#2 - c4-judge
2023-08-03T21:21:38Z
alcueca changed the severity to QA (Quality Assurance)
#3 - c4-judge
2023-08-05T21:29:56Z
alcueca marked the issue as grade-a