BranchBridgeAgent._normalizeDecimalsMultiple will always revert because of lacking of allocating memory
mediumLines of code
Vulnerability details
Impact
BranchBridgeAgent._normalizeDecimalsMultiple will always revert because of lacking of allocating memory
Proof of Concept
BranchBridgeAgent._normalizeDecimalsMultiple's code as below, because deposits is never allocated memory, the function will always revert
solidityfunction _normalizeDecimalsMultiple(uint256[] memory _deposits, address[] memory _tokens) internal view returns (uint256[] memory deposits) { for (uint256 i = 0; i < _deposits.length; i++) { deposits[i] = _normalizeDecimals(_deposits[i], ERC20(_tokens[i]).decimals()); } }
Tools Used
VS
Recommended Mitigation Steps
solidity@@ -1351,7 +1351,9 @@ view returns (uint256[] memory deposits) { - for (uint256 i = 0; i < _deposits.length; i++) { + uint len = _deposits.length; + deposits = new uint256[](len); + for (uint256 i = 0; i < len; i++) { deposits[i] = _normalizeDecimals(_deposits[i], ERC20(_tokens[i]).decimals()); } }
Assessed type
Error
