Submission Details
Severity: medium
Valid

Denial of Service (DoS) Through Large Player Array

Summary

A large players array can lead to a potential Denial of Service (DoS) in the main contract functions, such as enterRaffle and getActivePlayerIndex.

This issue is rated Medium because the players array size can decrease: when the selectWinner function is called, it clears the players array to length 0.

Vulnerability Details

The vulnerability arises from the size of the players array, which can impact the contract's functionality: entering the raffle and getting the active players.

If the players array is extremely large, looping through it can result in high gas costs and reaching the block gas limit, creating a potential DoS situation that can affect functions like enterRaffle and getActivePlayerIndex.

Impact

A large players array can lead to a DoS situation in the contract functions enterRaffle and getActivePlayerIndex, impeding participants' ability to interact with the contract.

Tools Used

VS Code: Manual

Recommendations

  • Implement measures to limit the size of the players array, ensuring it remains manageable and does not disrupt the contract's operational efficiency.

  • Refactor the associated logic that loops through the players array to use another approach, such as a mapping.
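
Both recommendations combined in one sketch, added here as an illustration and not taken from the audited contract. It reuses the function names from this finding and assumes the loops exist to reject duplicate entrants and to find a player's index; `MAX_PLAYERS`, `roundId`, `playerSlot` and `_resetRound` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited contract. Function names follow the
/// finding; MAX_PLAYERS, roundId, playerSlot and _resetRound are hypothetical.
contract BoundedRaffle {
    uint256 public constant MAX_PLAYERS = 500; // assumed cap, size it to your gas budget
    address[] public players;
    uint256 public roundId;

    // round => player => (index in players + 1); 0 means "not entered this round"
    mapping(uint256 => mapping(address => uint256)) private playerSlot;

    error RaffleFull();
    error DuplicatePlayer(address player);

    /// Gas grows with newPlayers.length only, never with players.length.
    function enterRaffle(address[] calldata newPlayers) external {
        if (players.length + newPlayers.length > MAX_PLAYERS) revert RaffleFull();
        mapping(address => uint256) storage slot = playerSlot[roundId];
        for (uint256 i = 0; i < newPlayers.length; i++) {
            address p = newPlayers[i];
            // O(1) duplicate check replaces a scan over the whole array
            if (slot[p] != 0) revert DuplicatePlayer(p);
            players.push(p);
            slot[p] = players.length; // store index + 1
        }
    }

    /// O(1) lookup; the bool separates "index 0" from "not found".
    function getActivePlayerIndex(address player)
        external
        view
        returns (bool found, uint256 index)
    {
        uint256 s = playerSlot[roundId][player];
        if (s == 0) return (false, 0);
        return (true, s - 1);
    }

    /// Hypothetical end-of-round reset; winner selection is omitted.
    function _resetRound() internal {
        delete players; // clears at most MAX_PLAYERS slots, so the cost is bounded
        roundId++;      // invalidates every playerSlot entry without iterating
    }
}
```

Keying the mapping by round means the reset never has to walk the old entrants to clear their entries.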

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

denial-of-service-in-enter-raffle
