Skip to content

Latest commit

 

History

History
35 lines (18 loc) · 1.46 KB

038.md

File metadata and controls

35 lines (18 loc) · 1.46 KB

moneyversed

medium

Missing input validation

Summary

There is no input validation for the _marketId parameter in the isTrustedMarketForwarder, hasApprovedMarketForwarder, _msgSenderForMarket, and _msgDataForMarket functions. This may lead to unexpected behavior or vulnerabilities.

Vulnerability Detail

The isTrustedMarketForwarder, hasApprovedMarketForwarder, _msgSenderForMarket, and _msgDataForMarket functions lack input validation for the _marketId parameter. This could result in unexpected behavior or vulnerabilities in the platform.

Impact

Missing input validation could lead to unexpected behavior, vulnerabilities, or potential exploits in the platform.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2Context.sol#L38

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2Context.sol#L54

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2Context.sol#L103

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2Context.sol#L130

Tool used

Manual Review

Recommendation

Add input validation for the _marketId parameter in the mentioned functions to ensure the provided data is valid and safe to use. This will help prevent unexpected behavior and improve the security of the platform.