Submission Details
Severity: low
Invalid

Too many tokens participating in the election will lead to denial of service

Description

MartenitsaVoting::announceWinner goes through the whole list of tokens that have at least one vote.
If too many tokens are participating, the function will exceed the block gas limit and will be impossible to call without reverting.
A malicious attacker can create many accounts and give one vote to many different listed tokens to DoS the election if their favorite token is going to lose.

function announceWinner() external onlyOwner {
    require(
        block.timestamp >= startVoteTime + duration,
        "The voting is active"
    );
    uint256 winnerTokenId;
    uint256 maxVotes = 0;
@>  for (uint256 i = 0; i < _tokenIds.length; i++) {
        if (voteCounts[_tokenIds[i]] > maxVotes) {
            maxVotes = voteCounts[_tokenIds[i]];
            winnerTokenId = _tokenIds[i];
        }
    }
    list = _martenitsaMarketplace.getListing(winnerTokenId);
    _healthToken.distributeHealthToken(list.seller, 1);
    emit WinnerAnnounced(winnerTokenId, list.seller);
}

Risk

Likelihood: High

  • Too many tokens in the competition.

Impact: High

  • Denial of service of announceWinner.

Recommended Mitigation

Keep track of the maximum vote count on every vote: check whether the vote changed it and store the new winner in a variable.
Change announceWinner to reward the winner stored in the variable.

Avoid any loops in the code, especially if the number of iterations can be increased by users.
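
The running-maximum approach recommended above, as an added Solidity sketch that is not part of the submission or the audited contract. The contract name RunningWinnerVoting, the vote function and the leadingTokenId/leadingVotes variables are hypothetical, and the marketplace listing check and HealthToken reward are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added sketch, not the audited MartenitsaVoting contract.
// Hypothetical names: RunningWinnerVoting, vote, leadingTokenId, leadingVotes.
// Assumption: the marketplace listing check and HealthToken reward are omitted.
contract RunningWinnerVoting {
    address public immutable owner;
    uint256 public immutable startVoteTime;
    uint256 public immutable duration;

    mapping(uint256 => uint256) public voteCounts;
    mapping(address => bool) public hasVoted;

    // Running leader, updated in constant time on every vote.
    uint256 public leadingTokenId;
    uint256 public leadingVotes;

    event WinnerAnnounced(uint256 indexed winnerTokenId, uint256 votes);

    constructor(uint256 votingDuration) {
        owner = msg.sender;
        startVoteTime = block.timestamp;
        duration = votingDuration;
    }

    function vote(uint256 tokenId) external {
        require(block.timestamp < startVoteTime + duration, "The voting is closed");
        require(!hasVoted[msg.sender], "Already voted");
        hasVoted[msg.sender] = true;

        uint256 votes = ++voteCounts[tokenId];
        // Strict '>' means a tie leaves the token that reached the count first in the lead.
        if (votes > leadingVotes) {
            leadingVotes = votes;
            leadingTokenId = tokenId;
        }
    }

    // No loop: cost is independent of how many tokens received votes.
    function announceWinner() external {
        require(msg.sender == owner, "Not owner");
        require(block.timestamp >= startVoteTime + duration, "The voting is active");
        require(leadingVotes > 0, "No votes cast");
        emit WinnerAnnounced(leadingTokenId, leadingVotes);
    }
}
```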

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unbounded arrays

n0kto Submitter
over 1 year ago