3 matches found
Malicious actors could pass in huge arrays to disrupt service availability (DOS) in the updateVotingPower function
Lines of code Vulnerability details Impact The contract is stopped from being usable by legitimate users if the attacker repeatedly spams large arrays Proof of Concept The updateVotingPower function currently only checks that the array is = 50: While 50 may be a reasonable limit for normal usag...
JBPayoutRedemptionPaymentTerminal#processFees may run out of gas and revert due to long list of _heldFeesOf[_projectId]
Lines of code Vulnerability details Proof of Concept // Get a reference to the project's held fees. JBFee memory heldFees = _heldFeesOf[_projectId]; // Delete the held fees. delete _heldFeesOf[_projectId]; // Push array length in stack uint256 heldFeeLength = heldFees.length; // Process each fee. for...
Out of gas.
Handle Jujic Vulnerability details Impact There is no upper limit on allMarkets, it increments each time when a new market is added. Eventually, as the count of markets increases, gas cost of smart contract calls will rise until reaching an "Out of Gas" error or a "Block Gas Limit" in the worst...