MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: medium
Invalid

Users in a private pool. It allows the owner of the contract to stake or withdraw funds for multiple users in a private pool based on the given amounts.

Summary

Users in a private pool. It allows the owner of the contract to stake or withdraw funds for multiple users in a private pool based on the given amounts.

Vulnerability Details

Gas Consumption: The Distribution.sol:_stake function, called within manageUsersInPrivatePool, involves several storage operations (SSTORE and SLOAD). If the loop in Distribution.sol:manageUsersInPrivatePool iterates over a large number of users or if the contract's storage is already saturated, it may lead to high gas consumption and potential out-of-gas errors.

Pool storage pool = pools[poolId_];
PoolData storage poolData = poolsData[poolId_];
UserData storage userData = usersData[user_][poolId_];

Unbounded Loop: Although the loop in manageUsersInPrivatePool is bounded by the length of the users array, if this array is too large, it could still result in excessive gas costs.

Impact

High gas consumption due to multiple storage operations may result in failed transactions or increased transaction costs.
Unbounded loops may lead to contract execution failures or denial of service if the loop iterates over a large number of users.

Tools Used

Manual review

Recommendations

Gas Optimization:
Minimize storage operations inside loops, especially in functions like _stake where gas-intensive operations are performed. Consider batching operations to reduce gas costs.
Loop Bounds:
Implement mechanisms to limit the size of input arrays or loops to prevent potential gas exhaustion.
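
The two recommendations above, sketched as an added example that is not taken from the submission or from MorpheusAI's Distribution.sol. The contract name, storage layout, MAX_USERS_PER_CALL, the error names, and the reading of each amount as the user's new balance are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Simplified, hypothetical stand-in for a private-pool
// manager; it is not the audited contract.
contract BoundedPrivatePool {
    // Assumed cap; pick the real value from gas measurements of the loop body.
    uint256 public constant MAX_USERS_PER_CALL = 100;

    address public immutable owner;
    mapping(uint256 => uint256) public totalDeposited;                // poolId => total
    mapping(address => mapping(uint256 => uint256)) public deposited; // user => poolId => amount

    error NotOwner();
    error LengthMismatch();
    error BatchTooLarge(uint256 given, uint256 max);

    constructor() {
        owner = msg.sender;
    }

    function manageUsersInPrivatePool(
        uint256 poolId_,
        address[] calldata users_,
        uint256[] calldata amounts_
    ) external {
        if (msg.sender != owner) revert NotOwner();
        if (users_.length != amounts_.length) revert LengthMismatch();
        // Loop bound: reject oversized batches up front instead of failing mid-loop.
        if (users_.length > MAX_USERS_PER_CALL) revert BatchTooLarge(users_.length, MAX_USERS_PER_CALL);

        // Gas: keep the pool total in a local variable so the batch costs one
        // SLOAD and one SSTORE for it, not one pair per user.
        uint256 total = totalDeposited[poolId_];
        for (uint256 i = 0; i < users_.length; ++i) {
            uint256 current = deposited[users_[i]][poolId_];
            // Assumption: amounts_[i] is the user's new balance in the pool.
            total = total - current + amounts_[i];
            deposited[users_[i]][poolId_] = amounts_[i];
        }
        totalDeposited[poolId_] = total;
    }
}
```

With a cap in place, the owner splits a large user list into several calls, each of which fits comfortably inside a block's gas limit.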

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
