The Standard

Summary

The getTstTotal function in the smart contract calculates the total TST (presumably a token or a unit) by iterating over two separate arrays: holders and pendingStakes. The dual iteration significantly increases the risk of the function reverting due to excessive gas consumption, especially when both arrays grow large.

Might be considered low because Arbitrum's Block Gas Limit is pretty high: https://arbiscan.io/chart/gaslimit

Vulnerability Details

This function aggregates the total TST by iterating through every entry in both the holders and pendingStakes arrays. In Ethereum smart contracts, each operation, including iterations in a loop, consumes gas, and there is a limit to the gas that can be used in a single transaction. When either or both of these arrays become large, the cumulative gas cost of iterating through them may exceed the block's gas limit, causing the function to revert and fail to return the total TST. This dual iteration exacerbates the issue compared to a single-array iteration, doubling the risk of hitting the gas limit.

Impact

The potential reversion of the getTstTotal function due to large array sizes could critically affect the contract's functionality, particularly in processes where the total TST calculation is essential. It poses a scalability issue, as the contract might become less reliable or functional as the number of holders and pending stakes increases.

Tools Used

Manual Review.

Recommendations

Implement a global variable that keeps track of the total TST in the contract. This variable should be updated appropriately whenever TST values change