17 matches found
Users may be unable to claim their rewards and add/remove liquidity due exceeding gas limit
Lines of code Vulnerability details Impact If a user provides liquidity on ticks which are entered and exited a large number of times, the gas required to call the accrueConcentratedPositionTimeWeightedLiquidity can exceed the block gas limit. Proof of Concept The...
Gas Limit Issues/DoS with Block Gas Limit
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Iterating through the users array without a limitation might cause the function to consume a lot of gas, especially when the array size is large. It may potentially reach the block gas limit and get...
Gas Cost Vulnerability
Lines of code Vulnerability details The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...
An attacker can lock operator out of the pod by setting gas limit that's higher than the block gas limit of dest chain
Lines of code Vulnerability details When a beaming job is executed, there's a requirement that the gas left would be at least as the gasLimit set by the user. Given that there's no limit on the gasLimit the user can set, a user can set the gasLimit to amount that's higher than the block gas limit...
An attacker taking over the timelock_address or the owner address will result in DoS and unusable contract (frxETHMinter).
Lines of code Vulnerability details Impact Actions described in the POC result in DoS, if an attacker takes over one of the two "admin" addresses. Proof of Concept By taking over the timeLock or the owner address, the attacker will have access to the following functions moveWithheldETH,...
Deniel of service with block gas limit.
Lines of code Vulnerability details Impact An array of unknown size can lead to Deniel of service with block gas limit. Proof of Concept When smart contracts are deployed or functions inside them are called, the execution of these actions always requires a certain amount of gas, based of how much...
Unbounded loop on array can lead to DoS
Lines of code Vulnerability details Description: As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all a push exist but there's no pop in the solution, that means it will continuously only push which wil...
Calculating project cost is vulnerable to reaching block gas-limit
Lines of code Vulnerability details Impact The function Project.projectCost calculates the project costs by calculating the sum of all project task costs. However, due to the unbound for loop, iterating over a potentially large amount of project tasks, this function can potentially DoS due to...
Unable To Verify Signature If There Are Too Many Signers And Operators
Lines of code Vulnerability details It was observed that there is a nested for loop within the AxelarAuthWeighted.validateSignatures function. If there are a large number of signatures and operators, it will result in an "Out of Gas" error or a "Block Gas Limit" error and the command's signature...
Sending batch withdrawal requests can possibly DoS
Lines of code Vulnerability details Impact The function BatchRequests.sendWithdrawalRequests allows calling the sendWithdrawalRequests function on all of the Yieldy contracts at once. However, due to the unbounded for loop, if many Yieldy contracts are added to contracts, this function can...
UpdateReward Modifier is brickable
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The private variable RewardTokens is an unbounded list of addresses that the modifier updateReward loops over and updates the state variable rewardTokenInfo. The gas consumption can become increasingly...
Unable to updateReward if there are too many rewardTokens
Lines of code Vulnerability details Impact If there are too many rewardTokens, updateReward might run exceed block gas limit and freeze fund since stake and withdraw have the updateReward modifier. Proof of Concept function addReward address rewardToken, address veAssetDeposits, address...
massUpdatePools() is susceptible to DoS with block gas limit
Lines of code Vulnerability details Impact massUpdatePools is a public function and it calls the updatePool function for the length of poolInfo. Hence, it is an unbounded loop, depending on the length of poolInfo. If poolInfo.length is big enough, block gas limit may be hit. Proof of Concept Tool...
A malicious actor can cause DoS with Block Gas Limit and destroy the sale flow also having advantage of buying cheaper price
Lines of code Vulnerability details Impact A malicious actor can cause DoS with Block Gas Limit and mint NFT's on cheaper price as the price drop is in action or destroy the sale flow. Proof of Concept Each block has an upper bound on the amount of gas that can be spent, and thus the amount...
ClearingHouse looping over dynamic array might result in a DOS because of the block gas limit
Lines of code Vulnerability details Impact Inside the ClearingHouse contract there are multiple instances where it loops over the dynamic amms array. There is no way looping over a subset of the array or continuing for you left off. Thus, if the array is large enough certain functions won't be...
Phoswap Token gas has a logic flaw vulnerability
Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...
Free Coin has a flawed logic vulnerability
Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...