Loops over unbounded arrays in the Lender.sol contract can consume all gas and revert transactions.
Two very similar High severity vulnerabilities from the Carapace contest on Sherlock can be seen here:
https://github.com/sherlock-audit/2023-02-carapace-judging/issues/160
https://github.com/sherlock-audit/2023-02-carapace-judging/issues/63
In Lender.sol, there are a few for loops that iterate over an unbounded array. This array can be made sufficiently large to exceed the block gas limit, which would cause the transaction to revert. See SWC-128: https://swcregistry.io/docs/SWC-128.
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L232C4-L233C55
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L292C4-L293C55
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L355C4-L359C55
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L437C3-L438C55
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L548C5-L549C55
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L591C4-L592C58
The loops over an unbounded array can consume all the gas and revert the transaction.
Manual review
To avoid this issue, the for loops in Lender.sol should be modified to iterate over a bounded array, i.e. an array whose size is fixed or explicitly capped. This ensures the for loops cannot consume more gas than the block gas limit, so the transactions will not revert.
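The following contract is an added illustration of the SWC-128 pattern this finding describes and of the bounded alternative the recommendation asks for; it is constructed for this write-up and is not code from Beedle's Lender.sol. The `Loan` struct, `loans` array, `MAX_BATCH` constant and function names are all assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example (not Beedle's Lender.sol): an unbounded loop next to
/// two bounded variants of the same operation.
contract UnboundedLoopExample {
    struct Loan {
        address borrower;
        uint256 debt;
        bool repaid;
    }

    // Anyone can grow this array, so its length is attacker-controlled.
    Loan[] public loans;

    // Upper bound on how many elements a single call may touch (assumed value).
    uint256 public constant MAX_BATCH = 100;

    function addLoan(address borrower, uint256 debt) external {
        loans.push(Loan(borrower, debt, false));
    }

    // VULNERABLE PATTERN (SWC-128): walks every loan ever created. Once `loans`
    // is long enough, the gas cost exceeds the block gas limit and every call
    // reverts, permanently, because nothing can shrink the array.
    function totalOutstandingAll() external view returns (uint256 total) {
        for (uint256 i = 0; i < loans.length; i++) {
            if (!loans[i].repaid) {
                total += loans[i].debt;
            }
        }
    }

    // BOUNDED VARIANT 1: the caller supplies a window [start, start + count).
    // Gas is proportional to `count`, which is capped, so the call can always
    // complete; `next` lets the caller resume on the following transaction.
    function totalOutstanding(uint256 start, uint256 count)
        external
        view
        returns (uint256 total, uint256 next)
    {
        require(count > 0 && count <= MAX_BATCH, "count out of range");
        require(start <= loans.length, "start out of range");

        uint256 end = start + count;
        if (end > loans.length) {
            end = loans.length;
        }
        for (uint256 i = start; i < end; i++) {
            if (!loans[i].repaid) {
                total += loans[i].debt;
            }
        }
        next = end;
    }

    // BOUNDED VARIANT 2: the caller passes the exact ids to act on, and the
    // input array length itself is capped, so a state-changing loop can never
    // grow past the block gas limit no matter how large `loans` becomes.
    function markRepaid(uint256[] calldata ids) external {
        require(ids.length <= MAX_BATCH, "too many ids");
        for (uint256 i = 0; i < ids.length; i++) {
            require(ids[i] < loans.length, "unknown loan");
            loans[ids[i]].repaid = true;
        }
    }
}
```

The point of the two bounded variants is that the amount of work per transaction is chosen by the caller and capped by the contract, rather than dictated by a storage array that any user can grow. When reviewing a loop like this, the check to make is whether the iteration count depends on a value a third party can inflate; if it does, the function should paginate (variant 1) or accept an explicitly capped input set (variant 2).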