Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Potential Gas Limit Vulnerability and Griefing Attack in `_distribute()` Function due to Unbounded Loop

Summary

The `_distribute()` function iterates over the `winners` and `percentages` arrays with no bound on their length, so a sufficiently large input can exceed the block gas limit, fail the distribution and be used to grief the process.

Vulnerability Details

  1. Unbounded Loops: The `_distribute()` function contains two loops that iterate over the `winners` and `percentages` arrays without any constraint on the array size. If the arrays become large enough, the transaction may exceed the Ethereum block gas limit and fail. A comment in the code states that "winners and percentages array are supposed not to be so long, so the loop can stay unbounded," but nothing in the code enforces that assumption.

  2. Gas Griefing: If a malicious actor can influence the size of the `winners` or `percentages` arrays, they can make them extremely large and intentionally cause `_distribute()` to fail on gas limits, halting the distribution process.

Impact

  1. Failed Distributions: If the size of the arrays is too large, the distribution process can fail, preventing winners from receiving their rewards.

  2. Wasted Gas: Each time the function is called with large arrays, it will consume and waste gas, resulting in financial costs to the caller.

  3. Denial of Service: A malicious actor can repeatedly call the function with large arrays, causing repeated failures and effectively blocking legitimate distributions.

Tools Used

Manual code review.

Recommendations

  1. Impose a Maximum Length: Limit the length of the winners and percentages arrays. Determine a reasonable maximum length for these arrays based on typical usage patterns and the gas consumption of the loop operations.

  2. Paginated Distribution: Consider breaking the distribution process into smaller chunks. Allow the distribution to be processed in multiple transactions, each handling a subset of winners.

  3. External Calculation: Instead of calculating total percentages on-chain, consider requiring the caller to provide the total and validate it on-chain. This can save some gas.

  4. Gas Checks: Implement gas checks within the loop to ensure that there's enough gas left for subsequent operations, and potentially halt or revert the transaction if it's about to run out of gas.
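As an added illustration (not the audited Sparkn code and not taken from the contest repository), the unbounded loop shape beside a bounded variant that applies recommendation 1; the contract name, `BASIS` (basis points) and `MAX_WINNERS` are assumed values, and the cap should be set from measured gas per iteration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative contract, not the audited Sparkn code. BASIS and MAX_WINNERS
/// are assumed values; the cap should be derived from measured gas per iteration.
contract DistributionExample {
    using SafeERC20 for IERC20;

    uint256 private constant BASIS = 10_000;   // percentages in basis points (assumed)
    uint256 public constant MAX_WINNERS = 100; // assumed cap on winners.length

    error LengthMismatch();
    error TooManyWinners(uint256 given, uint256 max);
    error InvalidTotalPercentage(uint256 total);

    /// Vulnerable shape: both loops scale with winners.length and nothing
    /// bounds it, so a large enough array cannot be processed in one block.
    function _distributeUnbounded(IERC20 token, address[] memory winners, uint256[] memory percentages) internal {
        if (winners.length != percentages.length) revert LengthMismatch();
        uint256 total;
        for (uint256 i; i < percentages.length; ++i) total += percentages[i];
        if (total != BASIS) revert InvalidTotalPercentage(total);
        uint256 balance = token.balanceOf(address(this));
        for (uint256 i; i < winners.length; ++i) {
            token.safeTransfer(winners[i], (balance * percentages[i]) / BASIS);
        }
    }

    /// Bounded shape (recommendation 1): reject oversized input up front,
    /// before any gas is spent on the loops, and fold the sum check into
    /// the payout loop so the arrays are walked once.
    function _distributeBounded(IERC20 token, address[] memory winners, uint256[] memory percentages) internal {
        uint256 n = winners.length;
        if (n != percentages.length) revert LengthMismatch();
        if (n > MAX_WINNERS) revert TooManyWinners(n, MAX_WINNERS);
        uint256 balance = token.balanceOf(address(this));
        uint256 total;
        for (uint256 i; i < n; ++i) {
            total += percentages[i];
            token.safeTransfer(winners[i], (balance * percentages[i]) / BASIS);
        }
        // A revert here unwinds every transfer made above in this transaction.
        if (total != BASIS) revert InvalidTotalPercentage(total);
    }
}
```

The length check costs a single comparison and fails fast, so an oversized array is rejected before either loop consumes gas.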
