First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Nested Loop is not gas efficient which causes Denial of Service (DOS)

0x0bserver

Summary

Vulnerability Details

for (uint256 i = 0; i < players.length - 1; i++) {
for (uint256 j = i + 1; j < players.length; j++) {

Process to find the duplicate players in function enterRaffle is not gas efficient, it has O(n^2) time complexity which is quite slow. As more players are added in players variable, more gas it will take to execute the whole function. At one point, the rewards will not be able to match the gas cost of this function due to which no new player will be interested to participate in PuppyRaffle. Hence, resulting in Denial of Service.

Impact

Players/Users will not be able to participate in PuppyRaffle due to high gas costs.

Tools Used

Manual Review

Recommendations

Initiate a mapping to record the players which can be checked in O(n) time complexity.

- for (uint256 i = 0; i < players.length - 1; i++) {
- for (uint256 j = i + 1; j < players.length; j++) {
+ mapping(address=>bool) activeplayers;
+ for (uint256 i = 0; i < newPlayers.length - 1; i++) {
+ if(activeplayers[newPlayers[i]]) {revert();}
Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.