The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Inefficient Loop Continuation After Holder Deletion in deleteHolder Function

0xaadhi

Vulnerability Details

The deleteHolder function is designed to remove a holder's address from the holders array. The current implementation continues to iterate over the array even after the holder has been successfully removed. This is inefficient as it unnecessarily consumes gas and does not align with the assumption that an address can only exist once in the holders array.

File: contracts/LiquidationPool.sol
function deleteHolder(address _holder) private {
for (uint256 i = 0; i < holders.length; i++) {
if (holders[i] == _holder) {
holders[i] = holders[holders.length - 1];
@> holders.pop(); // @audit [LOW] loop must end here
}
}
}

https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/LiquidationPool.sol#L96C4-L103C6

Tools Used

Manual Review

Recommendations

it is recommended to terminate the loop immediately after the holder is removed.

function deleteHolder(address _holder) private {
for (uint256 i = 0; i < holders.length; i++) {
if (holders[i] == _holder) {
holders[i] = holders[holders.length - 1];
holders.pop();
+ return; // Exit the function after deleting the holder
}
}
}
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.