stake.link

DeFiHardhatBridge

27,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential DoS via Excessively Large Batch Processing in Stake.link's Secondary SDL Pool

ro1sharkm

Summary

The Stake.link secondary SDL pool smart contract utilizes batch processing for efficiency, but large batch sizes could exceed gas limits and trigger frequent transaction failures. This vulnerability might lead to for denial-of-service (DoS) , impacting user experience and preventing timely action processing.

Vulnerability Details

The smart contract allows queuing lock actions (new locks and updates) in batches for efficiency. However, there is no limit mechanism for a batch size.
Large batch sizes in functions such as _mintQueuedNewLocks and _executeQueuedLockUpdates may lead to gas consumption exceeding individual transaction gas limits or the overall block gas limit. This could result in frequent transaction failures and delays, especially during periods of network congestion.

Impact

Large batch sizes may cause individual transactions to exceed gas limits, resulting in transaction failures.

Tools Used

Manual review

Recommendations

Set Reasonable Batch Size Limits

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

27,500 USDC

nSLOC

1,414

19 USDC / LOC

High Medium

25,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.