stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Arrays can grow in size without a way to shrink them

0xmilenov

Summary

Growth of arrays in smart contracts, leading to potential out-of-gas errors and a permanent lock of array elements when reaching maximum size.

Vulnerability Details

As these arrays cannot shrink, if the array has a maximum size, it won't be possible to change its elements once it reaches that size. Otherwise, it can grow indefinitely in size, which can increase the likelihood of out-of-gas errors.

}75: currentMintLockIdByBatch.push(0);

}76: queuedNewLocks.push();

}77: queuedNewLocks.push();

}323: queuedNewLocks.push();

}344: currentMintLockIdByBatch.push(_mintStartIndex);

}371: queuedNewLocks[updateBatchIndex].push(lock);

Impact

Users might encounter failed transactions due to out-of-gas errors, leading to a loss of funds spent on gas. Moreover, the contract might reach a state where it is no longer possible to update or manage certain elements, leading to a loss of functionality and potentially locking in assets or states permanently.

Tools Used

Manual Review

Recommendations

Integrate functions to remove elements

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

unbounded-locks

getLockIdsByOwner could be very gas intensive and revert

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.