Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Potential unbounded array iteration in constructor

Summary

The ProxyFactory contract's constructor iterates over _whitelistedTokens[] without checking its length. If too many addresses are passed in _whitelistedTokens[], this unbounded iteration could lead to gas exhaustion.

Vulnerability Details

In the ProxyFactory contract, the constructor iterates over _whitelistedTokens[] to whitelist the specified tokens. However, the constructor has no check that prevents the array from holding so many token addresses that the loop consumes excessive gas and ends in an out-of-gas error. Note that the constructor does check that _whitelistedTokens[] is non-empty.

Impact

  1. Unbounded iteration can lead to excessive gas consumption.

  2. Transactions that call the constructor with too many addresses in _whitelistedTokens[] may fail due to out-of-gas errors.

  3. The contract deployment process may become expensive or infeasible if gas limits are exceeded.

Tools Used

Recommendations

Add a condition at the beginning of the constructor that checks the length of _whitelistedTokens[]. If the array is long enough to consume excessive gas, revert.
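
A sketch of that recommendation, added here as an example and not taken from the Sparkn code base. The contract names, the error names and the MAX_WHITELISTED_TOKENS value of 50 are assumptions, and the mapping stands in for whatever storage the real constructor writes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustrative only: mirrors the behaviour the finding describes
// (non-empty check, then a loop with no upper bound on the input).
contract UnboundedWhitelistExample {
    error EmptyTokenList();

    mapping(address => bool) public whitelistedTokens;

    constructor(address[] memory _whitelistedTokens) {
        if (_whitelistedTokens.length == 0) revert EmptyTokenList();
        // One storage write per element; cost grows linearly with input size.
        for (uint256 i = 0; i < _whitelistedTokens.length; ++i) {
            whitelistedTokens[_whitelistedTokens[i]] = true;
        }
    }
}

// Same constructor with the recommended length check added.
contract BoundedWhitelistExample {
    error EmptyTokenList();
    error TooManyTokens(uint256 supplied, uint256 maxAllowed);

    // Assumed cap: choose it from measured deployment gas, not from this number.
    uint256 public constant MAX_WHITELISTED_TOKENS = 50;

    mapping(address => bool) public whitelistedTokens;

    constructor(address[] memory _whitelistedTokens) {
        uint256 length = _whitelistedTokens.length;
        if (length == 0) revert EmptyTokenList();
        // Fail before the loop so an oversized list reverts cheaply and
        // with an explicit reason instead of running out of gas.
        if (length > MAX_WHITELISTED_TOKENS) {
            revert TooManyTokens(length, MAX_WHITELISTED_TOKENS);
        }
        for (uint256 i = 0; i < length; ++i) {
            whitelistedTokens[_whitelistedTokens[i]] = true;
        }
    }
}
```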
