The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

`consolidatePendingStakes` function contains a loop that may be susceptible to hitting gas limits

0xVinylDavyl

Summary

The consolidatePendingStakes function in the LiquidationPool contract contains a loop that may pose a gas efficiency risk, particularly when dealing with potentially large arrays of pending stakes.

Vulnerability Details

The consolidatePendingStakes function iterates through the pendingStakes array, and its gas efficiency might become a concern as the array size increases. Gas optimization strategies need to be considered, especially when working with loops, to prevent potential gas limit issues.

function consolidatePendingStakes() private {
uint256 deadline = block.timestamp - 1 days;
uint256 length = pendingStakes.length;
for (int256 i = int256(length) - 1; i >= 0; i--) {
PendingStake memory _stake = pendingStakes[uint256(i)];
if (_stake.createdAt < deadline) {
positions[_stake.holder].holder = _stake.holder;
positions[_stake.holder].TST += _stake.TST;
positions[_stake.holder].EUROs += _stake.EUROs;
deletePendingStake(uint256(i));
}
}
}

Impact

The presence of loops in the consolidatePendingStakes function may make it susceptible to hitting gas limits, especially when handling large arrays. Gas limits or high gas costs may lead to transaction failures.

Tools Used

VsCode / Manual Code Review

Recommendations and Vulnerability Details

To mitigate potential gas limit issues, consider adopting gas-efficient coding patterns. Breaking down large loops into smaller batches can be an effective strategy. This involves processing a limited number of elements in each iteration, reducing the computational load per transaction and mitigating gas-related concerns.

Adopting this approach, the function's gas consumption can be better managed, reducing the risk of encountering gas limit-related issues during execution. Adjust the batch size based on gas consumption considerations and transaction requirements.

function consolidatePendingStakes() private {
uint256 deadline = block.timestamp - 1 days;
uint256 length = pendingStakes.length;
uint256 batchSize = 100; // Adjust the batch size as needed
for (int256 i = int256(length) - 1; i >= 0; i -= int256(batchSize)) {
for (uint256 j = 0; j < batchSize && uint256(i - j) < length; j++) {
PendingStake memory _stake = pendingStakes[uint256(i - j)];
if (_stake.createdAt < deadline) {
positions[_stake.holder].holder = _stake.holder;
positions[_stake.holder].TST += _stake.TST;
positions[_stake.holder].EUROs += _stake.EUROs;
deletePendingStake(uint256(i - j));
}
}
}
}
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-dos

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-high

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.