The writeMessageInSharedSpace function in the Soulmate contract lacks any gas limits or restrictions on the length or complexity of the input message. This vulnerability can be exploited by malicious actors to launch denial-of-service (DoS) attacks, consuming excessive gas and potentially disrupting network performance, transaction processing, and user experience.
The function does not enforce any gas limits or resource constraints on the message string.
Attackers can exploit this by submitting messages with:
Excessive length, exceeding the block gas limit and causing transaction failures.
High computational complexity, requiring significant gas for processing and slowing down the network.
High gas usage can lead to network congestion, impacting transaction processing times and user experience for all applications on the blockchain.
Manual Review
Set a reasonable maximum gas limit for the writeMessageInSharedSpace function to prevent excessively expensive transactions.
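One way to bound what the function can consume is to cap the message's byte length before it is stored. The sketch below is an added example, not code from the Soulmate repository: the contract name, the storage layout (ownerToId, sharedSpace), the event, the custom error and the MAX_MESSAGE_BYTES value are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Every name except writeMessageInSharedSpace
/// is hypothetical and may not match the audited contract.
contract SharedSpaceSketch {
    // Hypothetical cap; choose a value that fits the product's needs.
    uint256 public constant MAX_MESSAGE_BYTES = 280;

    error MessageTooLong(uint256 length, uint256 max);

    // Assumed layout: caller -> shared space id -> latest message.
    mapping(address => uint256) public ownerToId;
    mapping(uint256 => string) public sharedSpace;

    event MessageWrittenInSharedSpace(uint256 indexed id, string message);

    function writeMessageInSharedSpace(string calldata message) external {
        // bytes(message).length is the UTF-8 byte length, which is what
        // drives calldata, storage and event-log cost (not the number
        // of visible characters).
        uint256 len = bytes(message).length;
        if (len > MAX_MESSAGE_BYTES) {
            // Reject before any storage write or log is paid for.
            revert MessageTooLong(len, MAX_MESSAGE_BYTES);
        }

        uint256 id = ownerToId[msg.sender];
        sharedSpace[id] = message;
        emit MessageWrittenInSharedSpace(id, message);
    }
}
```

With the cap in place, the storage write and the event payload have a fixed upper bound, so the worst-case gas for a call can be measured once in a test and documented.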