Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Out of Gas Errors

Summary

The lengths of the winners and percentages arrays are not checked, and this can result in an out-of-gas error when they are used in the for loop.

Vulnerability Details

Line 145 of Distributor.sol includes a for loop which can result in an out-of-gas error if the loop requires more than the block gas limit (30,000,000) to complete. This, in combination with the integer overflows, can create an infinite loop, as i can continuously overflow and restart the count. Though this may be less likely in this business case, given that the protocol is for anyone to use, it's not easy to avoid this outcome.

Impact

Out of Gas errors which result in many failed transactions and wasted gas.

Tools Used

VS Code

Recommendations

Use OpenZeppelin's SafeMath library for uint256 (e.g. using SafeMath for uint256), and specify max lengths for the winners and percentages arrays.
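
A sketch of the length checks recommended above, added here as an illustration; it is not code from Distributor.sol or from the submission. The contract name, MAX_WINNERS, BASIS_POINTS, the error names and the minimal token interface are all assumptions, and it assumes Solidity 0.8 or later, where arithmetic is checked by default, so the SafeMath import is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the Sparkn Distributor contract. All names are hypothetical.
// Production code would use a SafeERC20-style wrapper for tokens that return no bool.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract BoundedDistributor {
    uint256 public constant MAX_WINNERS = 100;     // assumed cap; set from measured gas per transfer
    uint256 public constant BASIS_POINTS = 10_000; // percentages must sum to exactly 100%
    address public immutable owner;

    error NotOwner();
    error EmptyWinners();
    error LengthMismatch(uint256 winners, uint256 percentages);
    error TooManyWinners(uint256 given, uint256 max);
    error BadPercentageTotal(uint256 total);
    error TransferFailed(address winner);

    constructor() { owner = msg.sender; }

    function distribute(
        IERC20Minimal token,
        address[] calldata winners,
        uint256[] calldata percentages
    ) external {
        if (msg.sender != owner) revert NotOwner();
        uint256 n = winners.length;
        if (n == 0) revert EmptyWinners();
        if (n != percentages.length) revert LengthMismatch(n, percentages.length);
        if (n > MAX_WINNERS) revert TooManyWinners(n, MAX_WINNERS);

        // Validate the whole split before moving any tokens.
        uint256 total;
        for (uint256 i = 0; i < n; ++i) {
            total += percentages[i]; // checked add: reverts instead of wrapping
        }
        if (total != BASIS_POINTS) revert BadPercentageTotal(total);

        uint256 pool = token.balanceOf(address(this));
        for (uint256 i = 0; i < n; ++i) {
            uint256 amount = (pool * percentages[i]) / BASIS_POINTS;
            if (!token.transfer(winners[i], amount)) revert TransferFailed(winners[i]);
        }
    }
}
```

With the cap in place, the worst-case gas of a call is bounded by MAX_WINNERS transfers, so an oversized input reverts at the length check instead of running until the gas is exhausted.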
