The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: high
Valid

In LiquidationPool.sol the function distributeFees() could be out of service due to unbounded gas consumption

Summary

The function to distribute fees in the liquidation pool could be out of service if the number of pending stakes increases rapidly within a 24-hour period.

Vulnerability Details

The function distributeFees() contains four unbounded for loops. The first two are in the function getTstTotal(); although this is a view function, the distributeFees() function is external, and reading from storage will cost a considerable amount of gas. Although it is known that a high number of holders can cause problems for the protocol, I would state that a high number of pending stakes could compound the amount of gas consumed.

The other two for loops are in the distributeFees() function itself, which distribute a percentage of fees to the holders and pending stakes positions proportionally to their stake. These loops are unbounded and can exceed the block gas limit.

Impact

The distributeFees function will be out of service, which will mean the increasePosition() and decreasePosition() functions will also be out of service. This will lead to locked user funds.

Tools Used

Manual Review

Recommendations

I would recommend that the total staked is updated in a variable each time a new stake is committed to the protocol; a hard limit on the pendingStakes array is also a viable solution. A batch distribution of fees would also suffice.
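The three recommendations above, combined in one minimal contract as an added example (not The Standard's LiquidationPool code and not part of the original submission). The contract name, `MAX_PENDING` value, `stake`, `startRound`, `distributeBatch`, and all state variables are hypothetical; token transfers, access control, and the holders loop are omitted so the sketch covers only the pending-stakes path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration with hypothetical names; not the audited contract.
contract BoundedFeePool {
    struct PendingStake { address holder; uint256 tst; }

    uint256 public constant MAX_PENDING = 200; // hard cap (assumed value)
    PendingStake[] public pendingStakes;
    uint256 public tstTotal;     // running total, updated on every stake
    uint256 public cursor;       // next pendingStakes index to credit
    uint256 public roundAmount;  // fee amount of the round in progress
    uint256 public roundTotal;   // tstTotal snapshot taken at round start
    uint256 public roundLength;  // pendingStakes.length snapshot
    mapping(address => uint256) public feesOwed;

    function stake(uint256 tst) external {
        require(tst > 0, "zero stake");
        require(pendingStakes.length < MAX_PENDING, "pending queue full");
        pendingStakes.push(PendingStake(msg.sender, tst));
        tstTotal += tst; // O(1) update replaces a loop that sums all stakes
    }

    // Snapshot the totals so stakes added mid-round do not skew the shares.
    function startRound(uint256 amount) external {
        require(roundAmount == 0, "round in progress");
        require(amount > 0 && tstTotal > 0, "nothing to distribute");
        roundAmount = amount;
        roundTotal = tstTotal;
        roundLength = pendingStakes.length;
        cursor = 0;
    }

    // Each call performs at most maxIter iterations, so the caller can
    // always pick a batch size that fits inside the block gas limit.
    function distributeBatch(uint256 maxIter) external {
        require(roundAmount > 0, "no round");
        uint256 end = cursor + maxIter;
        if (end > roundLength) end = roundLength;
        for (uint256 i = cursor; i < end; i++) {
            PendingStake storage s = pendingStakes[i];
            feesOwed[s.holder] += (roundAmount * s.tst) / roundTotal;
        }
        cursor = end;
        if (cursor == roundLength) roundAmount = 0; // round finished
    }
}
```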

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-dos

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-high
