#46570 [SC-Insight] account list DoS issue
Description
Brief/Intro
Vulnerability Details
fn _add_new_account_if_not_exists(
ref self: ComponentState<TContractState>, account_address: ContractAddress,
) -> bool {
let current_account_address = self
.Paraclear_account
.entry(account_address)
.account_address
.read();
if !current_account_address.is_zero() {
return true;
}
let current_tail = self.Paraclear_account_tail.read();
let new_account = Account {
account_address: account_address, prev: current_tail, next: Zero::zero(),
};
self.Paraclear_account.write(account_address, new_account);
self.Paraclear_account_tail.write(account_address);
if !current_tail.is_zero() {
let tail_account = self.Paraclear_account.read(current_tail);
self
.Paraclear_account
.write(
current_tail,
Account {
account_address: current_tail,
prev: tail_account.prev,
next: account_address,
},
);
}
true
}
Impact Details
Proof of Concept
Proof of Concept
Previous#46611 [SC-Insight] Missing staleness checks in oracle queriesNext#46639 [SC-Low] The `_settlement_fee_payments` function contains a calculation error that leads to abnormal user balances.
Was this helpful?