Setting the maximum amount of loops to a variable that only ever grows in size, namely lastLockId will eventually exceed the block gas limit and cause the function to revert.
It is important to note that the block gas limit constraint is applicable to view functions as well, despite their generally higher gas allowance. This measure serves as a safeguard against potential denial-of-service attacks targeting RPC providers.
While the current implementation may not pose immediate concerns, the function's long-term reliability is questionable. The issue is expected to manifest once the count of locks reaches an extensive scale, potentially in the tens or hundreds of thousands.
Manual Review
To enhance the contract's efficiency and manageability, I recommend implementing a bounded iteration approach by introducing maximum and minimum index parameters. This modification will enable contract administrators to execute the function in segmented steps while aggregating the results to achieve the desired outcome. Please note that this adjustment necessitates a refactoring of the existing function, including the removal of the assert and break statements. Depending on the expected number of users on the platform, this may never become an issue.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.