First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential GAS DoS risk due to storage variable being used inside nested loop.

0xscsamurai

Summary

Potential GAS DoS risk due to storage variable being used inside nested loop.

Vulnerability Details

3 affected functions that could be DoS'ed if the array length is large enough, which may not be that large:

enterRaffle(), getActivePlayerIndex(), _isActivePlayer().

Nested for loop accessing a storage variable during each loop, this could relatively easily lead to high gas costs at best or DoS of function due to gas limit reached revert:

enterRaffle():

for (uint256 i = 0; i < players.length - 1; i++) {

for (uint256 j = i + 1; j < players.length; j++) {

require(players[i] != players[j], "PuppyRaffle: Duplicate player");

}

Lower risk of gas limit reached induced DoS here, but same recommendations apply:

getActivePlayerIndex();

for (uint256 i = 0; i < players.length; i++) {

if (players[i] == player) {

return i;

}

_isActivePlayer():

for (uint256 i = 0; i < players.length; i++) {

if (players[i] == msg.sender) {

return true;

}

Impact

3 affected functions that could be DoS'ed if the array length is large enough, which may not be that large:

enterRaffle(), getActivePlayerIndex(), _isActivePlayer().

Worst case scenario is a bunch of friends wont be able to join the raffle if the friend group is too large.

Tools Used

VSC.

Recommendations

Cache the players.length into a memory variable:

uint256 playersLength = players.length;

And then use the cached variable in the for loops:

++ uint256 playersLength = players.length;

++ for (uint256 i = 0; i < playersLength - 1; i++) {

++ for (uint256 j = i + 1; j < playersLength; j++) {

require(players[i] != players[j], "PuppyRaffle: Duplicate player");

}

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Gas optimizations

0xscsamurai Submitter

over 1 year ago

patrickalphac Lead Judge

over 1 year ago

Hamiltonite Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Gas optimizations

Hamiltonite Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Gas optimizations

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.