Picodes - `voucherIndexes` is incorrectly updated #160

sherlock-admin · 2022-11-04T10:22:45Z

Picodes

high

`voucherIndexes` is incorrectly updated

Summary

In cancelVouch, voucherIndexes is incorrectly update, messing up the whole accountability and ultimately leading to loss of funds for stakers

Vulnerability Detail

Here, vouchers[borrower][vouchers[borrower].length - 1] is moved but
voucherIndexes is not updated. So the user that created vouchers[borrower][vouchers[borrower].length - 1] cannot modify this voucher anymore has voucherIndexes is incorrect.

Impact

Affected users will not be able to close or update their trust amounts anymore, hence will lose funds.

Tool used

Manual Review

Recommendation

Add the following line:

voucherIndexes[borrower][vouchers[borrower][vouchers[borrower].length - 1].staker].idx = voucherIndex.idx

Duplicate of #157

The text was updated successfully, but these errors were encountered:

sherlock-admin added Duplicate Medium labels Nov 4, 2022

sherlock-admin closed this as completed Nov 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Picodes - `voucherIndexes` is incorrectly updated #160

Picodes - `voucherIndexes` is incorrectly updated #160

sherlock-admin commented Nov 4, 2022 •

edited

Loading

Picodes - voucherIndexes is incorrectly updated #160

Picodes - voucherIndexes is incorrectly updated #160

Comments

sherlock-admin commented Nov 4, 2022 • edited Loading

voucherIndexes is incorrectly updated

Summary

Vulnerability Detail

Impact

Tool used

Recommendation

Picodes - `voucherIndexes` is incorrectly updated #160

Picodes - `voucherIndexes` is incorrectly updated #160

sherlock-admin commented Nov 4, 2022 •

edited

Loading

`voucherIndexes` is incorrectly updated