stake.link

DeFiHardhatBridge
27,500 USDC
Severity: low
Valid

Audit Report for SDLPool.sol - Scalability Concern

Summary

This report highlights a potential scalability issue in the SDLPool.sol smart contract, specifically within the getLockIdsByOwner function. The current storage and retrieval method for lock IDs will become increasingly expensive over time.

Vulnerability Details

In SDLPool.sol:177, the getLockIdsByOwner function iterates through all lock IDs from 1 to lastLockId to determine which locks belong to a specific owner. This approach, while functional, becomes inefficient as the number of lock IDs grows, leading to increased gas costs and slower execution times.

Impact

The linear search methodology employed in the function poses the following risks:

  1. High Gas Costs: As the lastLockId increases, the cost of iterating through all lock IDs grows, resulting in expensive read operations.

  2. Scalability Issues: The function's performance degrades over time as the dataset grows, potentially making it impractical or too costly to use in the long term.

  3. Reduced User Experience: Slower execution times and higher costs can negatively impact the user experience, especially for accounts with a large number of locks.

Since the protocol itself doesn't use the function, there is no risk of it affecting the protocol, but because it is a user-facing function it is worth being aware of.

Tools Used

Manual Review

Recommendations

To address these issues, consider implementing a more efficient storage solution:

  • Indexing Locks by Owner: Maintain a mapping of owner addresses to an array of their lock IDs. This approach enables direct access to an owner's locks without iterating through the entire dataset.
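
One way to implement the owner index recommended above, as an added sketch that is not stake.link's SDLPool code. The contract name, function names and the points where the hooks are called are hypothetical, and the paginated read goes slightly beyond the recommendation to keep reads bounded for owners with many locks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not stake.link's SDLPool code. All names are hypothetical.
abstract contract OwnerLockIndex {
    // owner => lock IDs currently held by that owner
    mapping(address => uint256[]) private ownedLocks;
    // lock ID => position inside ownedLocks[owner], so removal needs no scan
    mapping(uint256 => uint256) private ownedLockPos;

    // Assumed hook: call when a lock is minted to or received by `owner`.
    function _addLock(address owner, uint256 lockId) internal {
        ownedLockPos[lockId] = ownedLocks[owner].length;
        ownedLocks[owner].push(lockId);
    }

    // Assumed hook: call when a lock is burned or transferred away from `owner`.
    // Swap-and-pop keeps removal O(1); array order is not preserved.
    function _removeLock(address owner, uint256 lockId) internal {
        uint256[] storage locks = ownedLocks[owner];
        uint256 pos = ownedLockPos[lockId];
        require(pos < locks.length && locks[pos] == lockId, "lock not owned");
        uint256 lastId = locks[locks.length - 1];
        locks[pos] = lastId;          // move the last entry into the freed slot
        ownedLockPos[lastId] = pos;
        locks.pop();
        delete ownedLockPos[lockId];
    }

    // Cost scales with this owner's lock count, not with lastLockId.
    function getLockIdsByOwner(address owner) external view returns (uint256[] memory) {
        return ownedLocks[owner];
    }

    // Bounded read: returns at most `limit` IDs starting at `offset`.
    function getLockIdsByOwnerPaged(address owner, uint256 offset, uint256 limit)
        external
        view
        returns (uint256[] memory page)
    {
        uint256[] storage locks = ownedLocks[owner];
        if (offset >= locks.length) return page; // empty array
        // Clamp without overflowing when `limit` is very large.
        uint256 end = limit > locks.length - offset ? locks.length : offset + limit;
        page = new uint256[](end - offset);
        for (uint256 i = offset; i < end; ++i) page[i - offset] = locks[i];
    }
}
```

The index trades two extra storage writes on each mint, transfer and burn for reads that no longer depend on the total number of locks ever created.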

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

unbounded-locks

getLockIdsByOwner could be very gas intensive and revert
