The pendingStakes and holders arrays are stored as state variables. If the length of these arrays grows to a few hundred, iterating over them can potentially reach the block.gasLimit and cause a DOS.
The function getTstTotal() uses for-loops to get the total TST tokens by summing over the arrays, which leads to a potential DOS if the holders and pendingStakes arrays have a length of a few hundred. Reading all of the array data is highly gas expensive, so it can hit the block.gasLimit in one transaction.
In the above code we can see that two for-loops iterate over the holders and pendingStakes arrays in one transaction. If the two arrays have a length of a few hundred, that is enough to cause a DOS by reaching block.gasLimit.
We noticed that the protocol deploys on Arbitrum, but we can see the block.gasLimit on Arbitrum.
Before submitting this report, the latest transaction made on Arbitrum is here:
https://arbiscan.io/block/164636936
Arbitrum block gas limit: 1,125,899,906,842,624
A simple swap transaction costs 4,227,935 on Arbitrum.
So an array length of a few hundred is enough to cause the DOS.
It will create a DOS (denial of service) for subsequent requests.
Manual View
Add a mechanism by which the user can specify the min-max length of the array.
The function below is also associated with the DOS gas-limit issue:
getStakeTotal()
This function, which is associated with the above function, is also exposed to the DOS.
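One way to implement the recommendation above, as an added example that is not the audited contract's code: a caller-specified window over each array, clamped to a fixed maximum, shown beside the unbounded loop pattern the finding describes. Only holders, pendingStakes and getTstTotal come from the report; the struct layout, tstOf, MAX_PAGE, seed, _clamp and the range functions are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Added illustration, not the audited contract. Only holders, pendingStakes
// and getTstTotal come from the report; all other names are assumptions.
contract BoundedTotals {
    struct PendingStake { address holder; uint256 tst; } // assumed shape
    address[] public holders;
    PendingStake[] public pendingStakes;
    mapping(address => uint256) public tstOf;  // assumed per-holder balance
    uint256 public constant MAX_PAGE = 200;    // assumed upper bound per call

    // Hypothetical helper so the contract can be populated in a test.
    function seed(address holder, uint256 staked, uint256 pending) external {
        holders.push(holder);
        tstOf[holder] = staked;
        pendingStakes.push(PendingStake(holder, pending));
    }

    // Pattern from the finding: gas grows with the length of both arrays.
    function getTstTotal() external view returns (uint256 total) {
        for (uint256 i = 0; i < holders.length; i++) total += tstOf[holders[i]];
        for (uint256 i = 0; i < pendingStakes.length; i++) total += pendingStakes[i].tst;
    }

    // Bounded variant: the caller picks [start, start + count) over holders.
    function holdersTstRange(uint256 start, uint256 count)
        external view returns (uint256 total, uint256 next)
    {
        (start, next) = _clamp(holders.length, start, count);
        for (uint256 i = start; i < next; i++) total += tstOf[holders[i]];
    }

    // Same window logic over pendingStakes.
    function pendingTstRange(uint256 start, uint256 count)
        external view returns (uint256 total, uint256 next)
    {
        (start, next) = _clamp(pendingStakes.length, start, count);
        for (uint256 i = start; i < next; i++) total += pendingStakes[i].tst;
    }

    // Clamp the window to the array bounds and to MAX_PAGE entries.
    function _clamp(uint256 len, uint256 start, uint256 count)
        private pure returns (uint256 lo, uint256 hi)
    {
        if (count > MAX_PAGE) count = MAX_PAGE;
        lo = start > len ? len : start;
        hi = len - lo < count ? len : lo + count;
    }
}
```

A caller sums the pages by passing the returned next as the following start until next stops advancing. Each call then does at most MAX_PAGE iterations regardless of how long the arrays grow.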