DittoETH
Ditto
DeFiFoundryOracle
55,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Potential Gas Limit Issue in combineShorts Function

0xch

Summary

Potential Gas Limit Issue in combineShorts Function

Vulnerability Details

Gas limit vulnerability (File Path: 2023-09-ditto/contracts/facets/ShortRecordFacet.sol
Line: 123)

The combineShorts function does loop over the ids array without checking its length. If the array is too large, the function could indeed run out of gas, causing the transaction to fail.

Impact

If a function performs too many operations, such as looping over a large array, it could exceed this limit, causing the transaction to fail.

Tools Used

Manual

Recommendations

To resolve this issue, you could implement a limit on the size of the ids array that can be passed to the combineShorts function. This would prevent the function from iterating over an excessively large array and potentially exceeding the gas limit.

Here is a simple way to implement this:

uint256 constant MAX_SHORTS_COMBINE = 50; // Set a reasonable limit
function combineShorts(address asset, uint8[] memory ids)
external
isNotFrozen(asset)
nonReentrant
onlyValidShortRecord(asset, msg.sender, ids[0])
{
require(ids.length <= MAX_SHORTS_COMBINE, "Too many shorts to combine");
// Rest of the function...
}

This change ensures that the combineShorts function will not attempt to combine more than MAX_SHORTS_COMBINE shorts at once, preventing potential gas limit issues. The exact limit can be adjusted based on your specific needs and gas usage of the function.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of Gas

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.