Code4rena (code423n4) | CODE423N4:2021-10-MOCHI-FINDINGS-ISSUES-97
Oct 27, 2021 - 12:00 a.m.

ReferralFeePoolV0.sol#claimRewardAsMochi() Array out of bound exception


Handle

WatchPug

Vulnerability details

function claimRewardAsMochi() external {
    IUSDM usdm = engine.usdm();
    address[] memory path = new address[](2);
    path[0] = address(usdm);
    path[1] = uniswapRouter.WETH();
    path[2] = address(engine.mochi());
    usdm.approve(address(uniswapRouter), reward[msg.sender]);
    // we are going to ingore the slippages here
    uniswapRouter.swapExactTokensForTokens(
        reward[msg.sender],
        1,
        path,
        address(this),
        type(uint256).max
    );

In ReferralFeePoolV0.sol#claimRewardAsMochi(), path is defined as an array of length 2 while it should be length 3.

As a result, at L33, an out-of-bound exception will be thrown and revert the transaction.

Impact

claimRewardAsMochi() will not work as expected, so all the referral fees cannot be claimed and remain stuck in the contract.
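The length mismatch described above, reduced to a stand-alone contract (an added example, not code from the Mochi repository or the original report). It assumes Solidity 0.8.x; the contract name, function names and the three placeholder addresses are hypothetical stand-ins for usdm, uniswapRouter.WETH() and engine.mochi().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not Mochi code. The address values are constructed
// placeholders for the three tokens on the swap route.
contract PathLengthDemo {
    address constant USDM = address(0x1);
    address constant WETH = address(0x2);
    address constant MOCHI = address(0x3);

    // Same shape as the reported code: two slots allocated, three written.
    // The compiler accepts this because the array length is a run-time
    // value; the bounds check only fires when the function executes.
    function brokenPath() external pure returns (address[] memory path) {
        path = new address[](2);
        path[0] = USDM;
        path[1] = WETH;
        path[2] = MOCHI; // index 2 is outside a length-2 array
    }

    // Corrected form: the length matches the number of tokens on the
    // route USDM -> WETH -> MOCHI.
    function fixedPath() external pure returns (address[] memory path) {
        path = new address[](3);
        path[0] = USDM;
        path[1] = WETH;
        path[2] = MOCHI;
    }

    // Calls brokenPath() externally and surfaces the panic code instead of
    // reverting. In Solidity 0.8.x, 0x32 is the panic code for an array
    // index that is out of bounds.
    function probeBroken() external view returns (uint256 panicCode) {
        try this.brokenPath() returns (address[] memory) {
            return 0; // no panic: the path was built
        } catch Panic(uint256 errorCode) {
            return errorCode;
        }
    }
}
```

A unit test that calls the claim function once on a fork or against a mock router catches this class of bug, since the revert happens before the router is ever reached.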

