Amusing Silver Tadpole
Medium
Affected Line of Code: https://github.com/sherlock-audit/2025-01-aave-v3-3/blob/main/aave-v3-origin/src/contracts/protocol/libraries/logic/ValidationLogic.sol#L333-L345
The validateFlashloan function fails to revert when provided with empty arrays for assets and amounts, which can lead to unintended behavior or incorrect function execution.
Severity: Medium Impact: Medium Likelihood: Low to Medium
The validateFlashloan function does not handle the case where the assets or amounts arrays are empty. Although the function checks that the lengths of the arrays match, it does not verify that the arrays are non-empty. This can result in the function proceeding without the necessary validation or revert, potentially allowing for faulty operations or incorrect contract behavior.
This issue can lead to the function executing incorrectly with invalid or empty input, potentially causing issues in the flow of the contract or allowing for exploitation by malicious actors to manipulate the flashloan process.
The failure to revert when empty arrays are provided breaks the contract's ability to ensure valid input and prevents the function from properly rejecting invalid flashloan requests. The absence of a revert in this scenario can cause the function to continue executing, leading to potentially faulty operations and invalid flashloan transactions. This impacts the correctness and reliability of the contract.
The issue is critical enough to cause logical errors in the contract but does not directly lead to catastrophic failures or vulnerabilities such as loss of funds or immediate exploits. It does, however, break the intended logic and could have adverse effects if not fixed.
The likelihood of this bug being exploited depends on the nature of the contract's usage. If empty arrays are provided by mistake or as part of a faulty interaction, the contract may fail to properly handle the invalid input. A malicious actor could exploit this flaw by providing empty arrays, potentially causing unexpected behavior. However, it is relatively unlikely that this would occur without direct interaction with the contract’s functions.
Here is the test that demonstrates the failure of the contract when empty arrays are provided:
function testEmptyArrays() public {
address[] memory assets;
uint256[] memory amounts;
// Expect revert due to empty arrays
vm.expectRevert("INCONSISTENT_FLASHLOAN_PARAMS");
// Call the validateFlashloan function from the ValidationLogic library on the reservesData mapping
reservesData.validateFlashloan(assets, amounts); // Call on the correct mapping
}Test Result:
[FAIL: next call did not revert as expected] testEmptyArrays() (gas: 3261)
Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 52.78ms (38.01ms CPU time)The test shows that the function does not revert as expected when empty arrays are passed, causing the test to fail.
To fix this issue, the function should explicitly check for empty arrays before proceeding with any other operations. Adding a condition to ensure that both arrays are non-empty would prevent this behavior. Here is a possible fix:
require(assets.length > 0, Errors.EMPTY_FLASHLOAN_PARAMS);
require(amounts.length > 0, Errors.EMPTY_FLASHLOAN_PARAMS);This ensures that the function will revert immediately if either of the arrays is empty, preventing faulty execution.