Steemhunt/mint.club-v2-contract

should check the length of step range and length of step price matches

Closed this issue · 2 comments

Severity

LOW/QA

Vulnerability Detail

One crucial aspect is ensuring that the length of the 'step range' array matches the length of the 'step price' array. This is vital for maintaining the contract’s logical consistency, as a mismatch between these arrays can lead to calculation errors or vulnerabilities within the contract's execution. Therefore, this validation step is essential to safeguard the contract against potential exploits or unintended behaviors resulting from array length discrepancies.

Links to affected code

    function _setBond(address token, BondParams calldata bp) private {
        // Set token bond data
        Bond storage bond = tokenBond[token];
        bond.creator = _msgSender();
        bond.royalty = bp.royalty;
        bond.createdAt = uint40(block.timestamp);
        bond.reserveToken = bp.reserveToken;

        for (uint256 i = 0; i < bp.stepRanges.length; ++i) {
            if (bp.stepRanges[i] == 0) revert MCV2_Bond__InvalidStepParams('STEP_CANNOT_BE_ZERO');

            // Ranges and prices must be strictly increasing
            if (i > 0) {
                if (bp.stepRanges[i] <= bp.stepRanges[i - 1]) revert MCV2_Bond__InvalidStepParams('DECREASING_RANGE');
                if (bp.stepPrices[i] <= bp.stepPrices[i - 1]) revert MCV2_Bond__InvalidStepParams('DECREASING_PRICE');
            }

            bond.steps.push(BondStep({
                rangeTo: bp.stepRanges[i],
                price: bp.stepPrices[i]
            }));
        }
    }

Recommendation

function _setBond(address token, BondParams calldata bp) private {
        // Set token bond data
	...
+       require(bp.stepRanges.length == bp.stepPrices.length, "!Length Match")

        for (uint256 i = 0; i < bp.stepRanges.length; ++i) {
            if (bp.stepRanges[i] == 0) revert MCV2_Bond__InvalidStepParams('STEP_CANNOT_BE_ZERO');

            // Ranges and prices must be strictly increasing
            if (i > 0) {
                if (bp.stepRanges[i] <= bp.stepRanges[i - 1]) revert MCV2_Bond__InvalidStepParams('DECREASING_RANGE');
                if (bp.stepPrices[i] <= bp.stepPrices[i - 1]) revert MCV2_Bond__InvalidStepParams('DECREASING_PRICE');
            }
	...
        }
    }
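
Review bot: the added `require` on the `+` line has no terminating semicolon, so it will not compile as written, and it uses a string `require` where every other check in this function reverts with the custom error `MCV2_Bond__InvalidStepParams`. Suggest `if (bp.stepRanges.length != bp.stepPrices.length) revert MCV2_Bond__InvalidStepParams('LENGTH_MISMATCH');` at the same position before the loop (the reason string is a suggested name, not one from the code base). The check matters in both directions: the loop is bounded by `bp.stepRanges.length` but indexes `bp.stepPrices[i]`, so a shorter `stepPrices` reverts with an out-of-bounds panic instead of a descriptive error, and a longer `stepPrices` has its extra entries silently ignored.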

Yes, I confirm it is already in the _validateBondParams function.