There is no limit on how many users can become holders and participate in LiquidationPool.sol. If a lot of users join, some functions can revert with out of gas due to exceeding the block gas limit.
There are no restrictions on users trying to join the liquidation pool. This endangers functions such as getStakeTotal and getTstTotal, which loop over an array of holders.
The gas cost of these calls therefore grows linearly with the number of holders, so if enough users join, the call reverts with out of gas because it exceeds the block gas limit. This can actually break the liquidation process, since the liquidation process calls distributeAssets, which calls these functions.
Attackers can therefore create dummy deposits from many addresses to block their positions from getting liquidated. Since this allows users to bypass and prevent liquidations, this is a high severity issue.
Manual review
Add a limit on how many users can join the liquidation pool, or use a global variable to track the total balances instead of looping over all holders.
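The following is an added illustration of the unbounded-loop pattern next to the running-total fix recommended above; it is not code from LiquidationPool.sol, and the contract and variable names are hypothetical (token transfers are omitted).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the audited LiquidationPool.sol. Contract and
// variable names are hypothetical; token transfers are omitted for brevity.

// Vulnerable pattern: the total is recomputed by looping over every holder,
// so gas grows linearly with the holder count. Once the array is large
// enough, getTstTotal() (and anything calling it) exceeds the block gas limit.
contract UnboundedPool {
    address[] public holders;
    mapping(address => uint256) public tstBalance;

    function deposit(uint256 amount) external {
        require(amount > 0, "zero deposit");
        if (tstBalance[msg.sender] == 0) {
            holders.push(msg.sender); // unbounded: any address can grow the array
        }
        tstBalance[msg.sender] += amount;
    }

    // O(n) in holders; if this sits on the liquidation path, liquidations can revert.
    function getTstTotal() public view returns (uint256 total) {
        for (uint256 i = 0; i < holders.length; i++) {
            total += tstBalance[holders[i]];
        }
    }
}

// Hardened pattern: keep a running total updated on every balance change,
// so the read is O(1) regardless of how many holders exist.
contract BoundedPool {
    mapping(address => uint256) public tstBalance;
    uint256 public tstTotal;

    function deposit(uint256 amount) external {
        require(amount > 0, "zero deposit");
        tstBalance[msg.sender] += amount;
        tstTotal += amount;
    }

    function withdraw(uint256 amount) external {
        tstBalance[msg.sender] -= amount; // reverts on underflow in 0.8+
        tstTotal -= amount;
    }

    function getTstTotal() external view returns (uint256) {
        return tstTotal;
    }
}
```

If distributeAssets itself iterates holders to pay them out, the running total alone does not remove that loop; the holder cap from the recommendation still applies on that path.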