The constructor in the KittyConnect contract is gas-expensive because it uses a for loop to initialize an array.
In the KittyConnect contract, the constructor initializes an array of shop addresses using a for loop. This approach can be inefficient, especially if the array is large. Gas consumption in Ethereum is directly proportional to the computational complexity of the contract's execution, so using a for loop to initialize an array with a large number of elements can result in significant gas costs.
Relevant code snippet for constructor:
This can be a Medium to High vulnerability. The impact of this vulnerability is significant, as it can lead to a DoS attack.
Create a new test file called GasLimitConstructor.t.sol.
Paste the following code in the test file.
Run forge test --match-path test/GasLimitConstructor.t.sol -vvvvv in the terminal.
The gas used is more than 10x the limit specified in the KittyBridge contract's constructor, gaslimit = 400000.
VSC, manual review, Foundry.
Instead of initializing s_kittyShops and s_isKittyShop directly in the constructor, you can have a factory function, initializeShops, with proper access control (the onlyKittyConnectOwner modifier) that allows adding shop addresses individually.
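One way to apply this recommendation, as an added example that is not the KittyConnect source: the constructor does constant work, and shops are registered afterwards through an owner-gated initializeShops that accepts bounded batches (a batch of one adds a shop individually). The contract name, i_kittyConnectOwner, MAX_BATCH, the errors, the event and the two getters are assumptions; s_kittyShops, s_isKittyShop, onlyKittyConnectOwner and initializeShops are the names used in this finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the KittyConnect source. Contract name, MAX_BATCH,
// i_kittyConnectOwner, the errors, the event and the getters are assumptions.
contract ShopRegistrySketch {
    uint256 public constant MAX_BATCH = 50; // assumed per-call cap

    address private immutable i_kittyConnectOwner;
    address[] private s_kittyShops;
    mapping(address => bool) private s_isKittyShop;

    error NotKittyConnectOwner();
    error BatchTooLarge(uint256 length);
    error InvalidShop(address shop);

    event ShopAdded(address indexed shop);

    modifier onlyKittyConnectOwner() {
        if (msg.sender != i_kittyConnectOwner) revert NotKittyConnectOwner();
        _;
    }

    // Constructor does constant work: no loop over caller-supplied data.
    constructor() {
        i_kittyConnectOwner = msg.sender;
    }

    // Register shops after deployment in bounded batches, so the gas cost of
    // each transaction has a known upper limit.
    function initializeShops(address[] calldata shops) external onlyKittyConnectOwner {
        uint256 length = shops.length;
        if (length > MAX_BATCH) revert BatchTooLarge(length);
        for (uint256 i = 0; i < length; ++i) {
            address shop = shops[i];
            // Reject the zero address and duplicates so the array and the
            // mapping stay consistent.
            if (shop == address(0) || s_isKittyShop[shop]) revert InvalidShop(shop);
            s_isKittyShop[shop] = true;
            s_kittyShops.push(shop);
            emit ShopAdded(shop);
        }
    }

    function getKittyShops() external view returns (address[] memory) { return s_kittyShops; }
    function isKittyShop(address shop) external view returns (bool) { return s_isKittyShop[shop]; }
}
```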