Skip to content

Latest commit

 

History

History
58 lines (35 loc) · 1.45 KB

066.md

File metadata and controls

58 lines (35 loc) · 1.45 KB

Lone Mint Kookaburra

Medium

The latest loan always missing in getAllLoans return data.

Summary

The getAllLoans function in the DebitaV3Aggregator contract always omits the latest loan in its returned array, regardless of the offset and limit values provided. This results in incomplete data and unreliable results when querying all loans.

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/tree/main/Debita-V3-Contracts/contracts/DebitaV3Aggregator.sol#L693-L719

  • In DebitaV3Aggregator.sol:708, there is conditional error.
if ((i + offset + 1) >= loanID) {  
    break;  
}  

This condition prematurely terminates the loop when the index i + offset + 1 equals loanID

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

  • The latest loan data is always missing from the returned loans array, causing incomplete data retrieval for users or external systems.
  • This bug affects data integrity, making the function unreliable for querying the full set of loans.
  • Depending on the application logic, this may lead to financial misrepresentation or operational errors when using this function's output.

PoC

No response

Mitigation

Update the conditional logic to allow the loop to iterate through loanID inclusively. Replace:

- if ((i + offset + 1) >= loanID) {  
+if ((i + offset) >= loanID) {  
    break;  
}