Unbounded arrays used in loops may cause protocol in DOS state
Summary
Unbounded arrays used in loops may cause protocol in DOS state
Vulnerability Details
In the RewardsInitiator.sol contract there is a checkUpkeep function, the task of this function is to check each reward from the strategies in the stakingPool whether it needs to be updated due to a negative rebase or not. strategies is a calculation of rewards from the stake position held by each user in the stakingPool, this is varied and unique because there are variables in the amount of deposit made and the lock time if the user does it.
The focus here is on the internal variable in the form of an array, namely strategies. The main problem lies in the use of this array in a loop which aims to check whether a strategy needs to be updated or not. The code is below :
strategies is an unbounded array that can only increase. This refers to the lock duration which uses a yearly period and if a strategy is not unlocked then it will continue to receive rewards forever even if the unlock period has passed. When this unbounded array is used in a loop, if this array going bigger in size, it will trigger a DOS on the checkUpkeep function which causes the rewards on strategies that have negative rebase to not be able to performUpkeep.
Impact
The protocol cannot update rewards from strategies in the staking pool
Tools Used
Manual Review
Recommended Mitigation
Consider limiting the number of strategies in the staking pool
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.