First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
Submission Details
Severity: low
Invalid

KittyConnect::addShop: Functions that iterate over the array can become vectors for denial-of-service (DoS) attacks if they're not properly protected.

Summary

To prevent the s_kittyShops array from growing indefinitely in the KittyConnect smart contract, set a limit on its size.

Vulnerability Details

Functions that iterate over the array can become vectors for denial-of-service (DoS) attacks if they're not properly protected.

Impact

An attacker could, in theory, add a large number of addresses to the array, making iterations over it consume excessive amounts of gas, thus preventing regular contract operation or causing functions to fail due to out-of-gas errors.

Tools Used

Manual review

Recommendations

Define a maximum number of entries allowed in the s_kittyShops array and enforce this limit within the function that adds new shop partners.

    uint256 private constant MAX_SHOP_PARTNERS = 100; // Example limit

    function addShop(address shopAddress) external onlyKittyConnectOwner {
        // Reject new partners once the cap is reached so s_kittyShops stays bounded
        require(s_kittyShops.length < MAX_SHOP_PARTNERS, "KittyConnect__MaxShopsReached");
        s_isKittyShop[shopAddress] = true;
        s_kittyShops.push(shopAddress);
        emit ShopPartnerAdded(shopAddress);
    }
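A Foundry regression test for the cap recommended above, added here as an example; it is not part of the original submission or of the Kitty Connect code base. ShopRegistry is a hypothetical stand-in for the relevant part of the contract, and its owner storage, the non-owner revert string, the event declaration and shopCount() are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the shop-partner part of KittyConnect. Only
// addShop, s_kittyShops, s_isKittyShop and MAX_SHOP_PARTNERS come from the page.
contract ShopRegistry {
    uint256 private constant MAX_SHOP_PARTNERS = 100; // example limit from the page
    address private immutable i_owner; // assumed owner storage
    address[] private s_kittyShops;
    mapping(address => bool) private s_isKittyShop;
    event ShopPartnerAdded(address partner); // assumed declaration

    modifier onlyKittyConnectOwner() {
        require(msg.sender == i_owner, "KittyConnect__NotKittyConnectOwner"); // assumed message
        _;
    }

    constructor() { i_owner = msg.sender; }

    function addShop(address shopAddress) external onlyKittyConnectOwner {
        require(s_kittyShops.length < MAX_SHOP_PARTNERS, "KittyConnect__MaxShopsReached");
        s_isKittyShop[shopAddress] = true;
        s_kittyShops.push(shopAddress);
        emit ShopPartnerAdded(shopAddress);
    }

    function shopCount() external view returns (uint256) { return s_kittyShops.length; }
}

contract ShopCapTest is Test {
    ShopRegistry registry;

    function setUp() public { registry = new ShopRegistry(); } // the test contract is the owner

    function test_capIsEnforced() public {
        // Fill the array up to the limit, then check that one more entry reverts
        for (uint160 i = 1; i <= 100; i++) { registry.addShop(address(i)); }
        assertEq(registry.shopCount(), 100);
        vm.expectRevert(bytes("KittyConnect__MaxShopsReached"));
        registry.addShop(address(101));
    }

    function test_nonOwnerCannotGrowArray() public {
        vm.prank(address(0xBEEF)); // constructed non-owner caller
        vm.expectRevert(bytes("KittyConnect__NotKittyConnectOwner"));
        registry.addShop(address(1));
        assertEq(registry.shopCount(), 0);
    }
}
```

Run it with `forge test`; the second test checks that the onlyKittyConnectOwner modifier, and not only the cap, gates growth of the array.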

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
