F-2026-0019·inverted-condition

Broken logic in Bridge::getLatestEntryByPrerotatedKeyHash

Fixedbridgecross-chainkey-registrygithub.com/pdxwebdev/yadakeyeventwallet
TL;DR

The require check expects idx == 0 even though idx is sourced from the latest-key index mapping, so the function reverts whenever a non-zero (i.e., real) index is found.

Severity
LOW
Impact
LOW
Likelihood
HIGH
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

The function Bridge::getLatestEntryByPrerotatedKeyHash is intended to return the latest key rotation entry for a given prerotatedKeyHash. However, the logic is backwards. It checks:

solidity
require(idx == 0, "Not the latest key rotation.");

Here, idx comes from byPublicKeyHash[currentAddress]. This should be the latest key as idx is supposed to be non zero, and so the function fails and reverts.

03Section · Recommendation

Recommendation

Remove the require statement and simply return the entry:

solidity
function getLatestEntryByPrerotatedKeyHash(address prerotatedKeyHash)
public view returns (KeyLogEntry memory, bool) {
    uint256 idx = byPrerotatedKeyHash[prerotatedKeyHash];
    if (idx == 0) {
        idx = byTwicePrerotatedKeyHash[prerotatedKeyHash];
        if (idx == 0) {
            KeyLogEntry memory emptyEntry;
            return (emptyEntry, false);
        }
    }
    KeyLogEntry memory entry = keyLogEntries[idx - 1];
    return (entry, true);
}
04Section · Resolution

Resolution

YadaCoin, Confirmed.

Zealynx, Fixed.

Status
Fixed
ZEALYNX SECURITY · published 2026-03-05
F-2026-0019

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx