Improper Deletion of Elements in Array Could Bring DOS in `repay()`
Summary
The present implementation of the delete operation in the repay function is flawed.
Instead of completely removing the element from the array, it merely assigns a value of 0 to the specified index, resulting in the retention of the element within the array's memory space. This is concerning regarding the potential array size over time, as the accumulation of elements with zero values may lead to a significant increase which in turn increases gas cost to iterate through the array elements.
Vulnerability Details
The current method of deleting elements from a public array storing users' data poses safety concerns. Over time, the array's length may grow significantly, potentially leading to a Denial of Service (DOS) for users attempting to repay their loans. This breakdown in functionality could result in larger losses due to increasing interest on unpaid loans. It is imperative to address this issue promptly to ensure the array's integrity and maintain uninterrupted loan repayment functionality.
Impact
Increasing interest on unpaid loans leads to larger losses for users.
Tools Used
Manual Review
Recommendations
Using this method of removing elements from an array.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.