ID: CODE423N4:2023-09-VENUS-FINDINGS-ISSUES-653 (Code4rena)
Oct 04, 2023

Gas Limit Issues/DoS with Block Gas Limit

AI Score: 7 (Confidence: High)

Lines of code
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L335>

Vulnerability details

Impact

  • Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get reverted.

  • Iterating through _allMarkets inside the user loop further amplifies gas usage.

Proof of Concept

An attacker can enlist using many accounts, which might lead to a large users array. Or, there might be a lot of users that use the platform.
This might consume excessive gas, leading to unintentionally high costs for legitimate callers, or even denial of service (DoS) if it hits block gas limits.

Tools Used

Code review

Recommended Mitigation Steps

  • Implement some restriction on the users array

Assessed type

DoS
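
The pattern described above and one way to bound it, as an added example that is not code from Prime.sol or the Venus project. The contract, function names and both cap values are assumptions chosen for illustration; access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative only: hypothetical names, not taken from Prime.sol.
contract BoundedBatchExample {
    uint256 public constant MAX_USERS_PER_CALL = 50; // assumed cap
    uint256 public constant MAX_MARKETS = 20;        // assumed cap

    address[] internal _allMarkets;
    // user => market => score
    mapping(address => mapping(address => uint256)) public score;

    error BatchTooLarge(uint256 given, uint256 max);
    error MarketLimitReached();

    /// Bounding the inner dimension: the market list cannot grow past a cap.
    /// (Access control left out of this sketch.)
    function addMarket(address market) external {
        if (_allMarkets.length >= MAX_MARKETS) revert MarketLimitReached();
        _allMarkets.push(market);
    }

    /// Unbounded form: work is users.length * _allMarkets.length storage
    /// writes, so a large enough input cannot fit in one block.
    function updateUnbounded(address[] calldata users) external {
        for (uint256 i = 0; i < users.length; ++i) {
            for (uint256 j = 0; j < _allMarkets.length; ++j) {
                score[users[i]][_allMarkets[j]] += 1;
            }
        }
    }

    /// Bounded form: reject oversized batches up front, so the worst case is
    /// MAX_USERS_PER_CALL * MAX_MARKETS iterations. Larger user sets are
    /// processed by the caller in several transactions.
    function updateBounded(address[] calldata users) external {
        uint256 n = users.length;
        if (n > MAX_USERS_PER_CALL) revert BatchTooLarge(n, MAX_USERS_PER_CALL);

        address[] memory markets = _allMarkets; // read the list from storage once
        uint256 m = markets.length;
        for (uint256 i = 0; i < n; ++i) {
            for (uint256 j = 0; j < m; ++j) {
                score[users[i]][markets[j]] += 1;
            }
        }
    }
}
```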
