strategiesLength should not be allowed to exceed MAX_STRATS #110

code423n4 · 2021-07-07T21:24:30Z

Handle

pauliax

Vulnerability details

Impact

function setStrategiesLength should check that the value is not above MAX_STRATS. Now admin can set any arbitrary value for strategiesLength. The number of iterations in loops relies on this value so if it becomes too high, a block gas limit may be exceeded. Thus it makes sense to explicitly enforce the limit with MAX_STRATS.

Recommended Mitigation Steps

require _strategiesLength <= MAX_STRATS

kitty-the-kat · 2021-07-14T15:25:11Z

either non-critical or no an issue.
This issue relies on malicious governance that woulnt be behind a timelock. Would also not block out any ability to save assets from the vault.

ghoul-sol · 2021-07-26T03:57:07Z

The problem is presented from different view but is essentially the result of #17 so it's non-critical.

code423n4 added 1 (Low Risk) bug Something isn't working labels Jul 7, 2021

code423n4 added a commit that referenced this issue Jul 7, 2021

pauliax issue #110

19b1c49

kitty-the-kat added disagree with severity sponsor disputed labels Jul 14, 2021

ghoul-sol added 0 (Non-critical) and removed 1 (Low Risk) labels Jul 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

strategiesLength should not be allowed to exceed MAX_STRATS #110

strategiesLength should not be allowed to exceed MAX_STRATS #110

code423n4 commented Jul 7, 2021

kitty-the-kat commented Jul 14, 2021

ghoul-sol commented Jul 26, 2021

strategiesLength should not be allowed to exceed MAX_STRATS #110

strategiesLength should not be allowed to exceed MAX_STRATS #110

Comments

code423n4 commented Jul 7, 2021

Handle

Vulnerability details

Impact

Recommended Mitigation Steps

kitty-the-kat commented Jul 14, 2021

ghoul-sol commented Jul 26, 2021