seerether
high
In the setNewToken function, when a new token is added, the code determines whether the token is stable or not and then appends the new price to the corresponding price slot (tokenPriceStable or tokenPriceNS). However, there are no checks to ensure that the new price is inserted at the correct position within the slot or that the slot has enough capacity to accommodate the new price.
In the setNewToken function, the new token's price information is stored in the state.tokenMMInfoMap[token] mapping, and the token's index is recorded in the state.priceListInfo.tokenIndexMap[token] mapping. The token's price is then added to the appropriate price slot based on its stability (stableOrNot) in the state.priceListInfo.tokenPriceNS or state.priceListInfo.tokenPriceStable arrays. The vulnerability arises when multiple tokens are added in succession using the setNewToken function. The function through the stickerprice does not check if the slot has enough capacity to accommodate the new price, nor does it ensure that the new price is appended correctly to the existing price slot. As a result, if the slot is full or if the new price is not correctly added to the slot, the price data will be corrupted or inconsistent.
This will lead to overwriting or corrupting existing price data, potentially causing incorrect price calculations or loss of funds.
Manual Review
Use a modified function which checks the capacity of the price slot for stable or non-stable tokens before adding a new token. If the maximum number of stable or non-stable tokens has been reached, it will revert the transaction with an appropriate error message. https://github.com/seerether/Dodo/blob/b22d985b7ef469757ff9793281e347de6b0073f1/Dodomitigate1#L15-L20C3