consolidatePendingStakes() iterates through the pendingStakes array to write each PendingStake into the positions mapping, but there is no cap on the array length.
An attacker can keep growing pendingStakes by calling increasePosition(). No minimum _tstVal or _eurosVal is required, so the attacker can create many PendingStake entries with the smallest possible _tstVal or _eurosVal.
When the length of pendingStakes is raised sufficiently high, LiquidationPool.consolidatePendingStakes() can no longer be called because of the block gas limit. consolidatePendingStakes() is also used in many other core functions, such as increasePosition(), decreasePosition() and distributeAssets().
Manual review
Before pushing new items into the pendingStakes array, consider checking against a maximum number of PendingStake entries that can be made in a day. In the consolidatePendingStakes() logic, PendingStakes are only processed once they are 1 day old.
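One way to apply this recommendation, as an added sketch that is not the project's LiquidationPool code. The contract name, the simplified structs, `MAX_PENDING_STAKES` and its value, the `PendingQueueFull` error and `pendingCount()` are assumptions, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the project's contract. Names other than
// pendingStakes, positions, increasePosition and consolidatePendingStakes
// are hypothetical.
contract BoundedPendingStakes {
    struct PendingStake { address holder; uint256 createdAt; uint256 tst; uint256 euros; }
    struct Position { uint256 tst; uint256 euros; }

    // Assumed value: size it so a full consolidation fits well inside one block.
    uint256 public constant MAX_PENDING_STAKES = 200;

    PendingStake[] private pendingStakes;
    mapping(address => Position) public positions;

    error PendingQueueFull();

    function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {
        consolidatePendingStakes();
        // Entries younger than one day cannot be consolidated, so the length left
        // after consolidation is the number of stakes made in the last day.
        if (pendingStakes.length >= MAX_PENDING_STAKES) revert PendingQueueFull();
        // Token transfers omitted in this sketch.
        pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));
    }

    // Loop work is now bounded by MAX_PENDING_STAKES iterations.
    function consolidatePendingStakes() private {
        uint256 i = 0;
        while (i < pendingStakes.length) {
            PendingStake memory s = pendingStakes[i];
            if (block.timestamp - s.createdAt > 1 days) {
                positions[s.holder].tst += s.tst;
                positions[s.holder].euros += s.euros;
                // Swap-and-pop, then re-check index i, which now holds another entry.
                pendingStakes[i] = pendingStakes[pendingStakes.length - 1];
                pendingStakes.pop();
            } else {
                i++;
            }
        }
    }

    function pendingCount() external view returns (uint256) {
        return pendingStakes.length;
    }
}
```

The cap keeps consolidation within the gas limit, but a single account can still fill the day's queue with dust-sized entries and block other stakers until those entries age out, so the missing minimum on _tstVal and _eurosVal noted above needs its own fix.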