Lucene search

K
code423n4Code4renaCODE423N4:2023-09-VENUS-FINDINGS-ISSUES-653
HistoryOct 04, 2023 - 12:00 a.m.

Gas Limit Issues/DoS with Block Gas Limit

2023-10-0400:00:00
Code4rena
github.com
2
gas limit
dos
block gas limit
iterating users array
allmarkets
excessive gas
costly
denial of service
mitigation steps
code review

7 High

AI Score

Confidence

High

Lines of code
<https://github.com/code-423n4/2023-09-venus/blob/b11d9ef9db8237678567e66759003138f2368d23/contracts/Tokens/Prime/Prime.sol#L335&gt;

Vulnerability details

Impact

Detailed description of the impact of this finding.

  • Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get reverted.

  • Iterating through _allMarkets inside the user loop further amplifies gas usage.

Proof of Concept

An attacker can enlist using many account which migh lead to a large users array. Or, there might be a lot of users that use the platform.
This might consume excessive gas, leading to unintentionally high costs for legitimate callers, or even denial of service (DoS) if it hits block gas limits.

Tools Used

Code review

Recommended Mitigation Steps

  • Implement some restriction on the users array

Assessed type

DoS


The text was updated successfully, but these errors were encountered:

All reactions

7 High

AI Score

Confidence

High