Unbounded loop leads gas DOS.
Summary
PendingStakes and holders array which is stored as the state variables. If this arrays length extended to few hundreds it will potentially leads to reach the block.gasLimit and DOS.
Vulnerability Details
Function getTstTotal() have for-loop is used to get total TST tokens by doing sum of array which leads to potential DOS if holders and pendingStakes array length have few hundreds.by calling all array data which is highly gas expensive it leads to hits the block.gaslimit in one transaction.
In the above code we can see that two for-loops calls the holders and pendingStakes arrays in one transaction if two arrays have few hundreds length then it enough to make DOS by reaching block.gasLimit.
We noticed that protocol deploys on arbitrum but we can see block.gasLimit on arbitrum.
Before submitting this report the latest transaction made on arbitrum here :-
https://arbiscan.io/block/164636936
Arbitrum block gas limit :- 1,125,899,906,842,624
The simple swap transaction cost 4,227,935 on arbitrum.
Then few hundreds array length is enough to cause the DOS.
Impact
It will create DOS(denial of service) to subsequent requests.
Tools Used
Manual View
Recommendations
Add a mechanism which user can specify the min-max length of the array.
Instances
Below function which is also associated with DOS gas-limi issue
getStakeTotal()
Function which is associated with above function also lands on DOS.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.