Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OlaHamid - [H-2] Local var numFacet in the DiamondLoupFacet.sol:facets function is set to zero, desrupting the total logic of the code. #63

Open
sherlock-admin4 opened this issue Oct 8, 2024 · 0 comments
Open

OlaHamid - [H-2] Local var numFacet in the DiamondLoupFacet.sol:facets function is set to zero, desrupting the total logic of the code. #63

sherlock-admin4 opened this issue Oct 8, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Oct 8, 2024
edited by sherlock-admin3
Loading

OlaHamid

High

[H-2] Local var numFacet in the DiamondLoupFacet.sol:facets function is set to zero, desrupting the total logic of the code.

Summary

Description: Identified a vulnerability in the facets function where the variable numFacets is initialized to zero but is subsequently used in loop logic. This leads to the function logic being disrupted and not functioning as intended.

Root Cause

local variable numFacets in the DiamondLoupFacet.sol:facets function set to zero.

Internal pre-conditions

Internal Pre-conditions for DiamondLoupFacet.sol:facets Vulnerability

  1. Developer needs to initialize numFacets to zero in the facets function.
  2. Function logic relies on numFacets for loop execution.
  3. No proper assignment to numFacets before it is used in the loop condition.

Example:

  • Developer needs to initialize numFacets to zero in the facets function.
  • Function logic relies on numFacets for loop execution.
  • No proper assignment to numFacets before it is used in the loop condition.

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

Proof of Concept:
The vulnerability arises because numFacets is set to zero initially and is used in a loop condition. Without proper initialization or assignment, the loops relying on numFacets fail to execute correctly, breaking the function’s intended logic.

    uint256 numFacets; // Initialized to zero
// Further code relies on numFacets
for (uint256 facetIndex = 0; facetIndex < numFacets; facetIndex++) {
    // Loop logic
}

Mitigation

Recommended Mitigation:

    function facets() external view override returns (Facet[] memory facets_) {
		LibDiamond.DiamondStorage storage ds = LibDiamond.diamondStorage();
		uint256 selectorCount = ds.selectors.length;
		// create an array set to the maximum size possible
            		facets_ = new Facet[](selectorCount);
		// create an array for counting the number of selectors for each facet
		uint8[] memory numFacetSelectors = new uint8[](selectorCount);
		// total number of facets
		// @audit numFacets not initialised, breaks the current function
		// @mitigation creaate a numFacet to be equal to facets_.length 
-		uint256 numFacets;  
+       uint256 numFacets = facets_.length; // Properly initialize numFacets
@sherlock-admin3 sherlock-admin3 changed the title Shambolic Marigold Mockingbird - [H-2] Local var numFacet in the DiamondLoupFacet.sol:facets function is set to zero, desrupting the total logic of the code. OlaHamid - [H-2] Local var numFacet in the DiamondLoupFacet.sol:facets function is set to zero, desrupting the total logic of the code. Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4