Tags: Beginner Friendly, Foundry, GameFi
Submission Details
Severity: low
Invalid

`voteForMartenitsa::MartenitsaVoting` will result in a denial of service attack

Summary

Description: The `voteForMartenitsa::MartenitsaVoting` function can be used to cause a denial of service. Because there is no check for duplicates on the `_tokenIds` array, every call appends an entry, so an attacker can call the function many times (from many addresses) and inflate the array without bound. Since `announceWinner` loops over `_tokenIds`, the loop eventually needs more gas than a block provides and the call reverts, making the winner impossible to announce. The test below intentionally overpopulates `_tokenIds` and reports the gas remaining after the population.

Vulnerability Details

function testDenialOfService() public listMartenitsa {
    uint precall = gasleft();
    console.log("Initial gas left:", precall);
    voting.startVoting();
    // Each iteration votes from a fresh address, so the per-voter check does
    // not stop the loop; every vote pushes another entry onto _tokenIds.
    for (uint i = 1; i < 1000000; i++) {
        string memory str_eq = Strings.toString(i);
        address caller = makeAddr(str_eq);
        vm.prank(caller);
        voting.voteForMartenitsa(0);
    }
    uint postcall = gasleft();
    console.log("Gas left after call:", postcall);
    uint gasConsumed = precall - postcall;
    console.log("Gas consumed by populating _tokenIds:", gasConsumed);
    console.log("Vote count for token ID 0:", voting.getVoteCount(0));
}

This shows the gas consumed by pushing one million entries into `_tokenIds`, which is already substantial, and `announceWinner` must then iterate over every one of those entries in a single transaction.

Impact

`announceWinner` cannot be called because the loop over `_tokenIds` runs out of gas.

Tools Used

No tools were used.

Recommendations

Create an array `listedTokens` inside `MartenitsaMarket.sol` that contains all listed tokens, and have `announceWinner` loop through that instead. It is bounded by the number of listings and contains no duplicates.
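The following is an added illustration of the pattern in this finding and of the recommended fix; it is not the Baba Marta project's code. `MarketStub`, `VotingUnbounded`, `VotingBounded`, `listedTokens` and `getListedTokens` are hypothetical names chosen for the example. The vulnerable contract pushes to `_tokenIds` on every vote, so the winner loop grows with the number of voters; the hardened contract iterates over the marketplace's listed tokens, so the loop is bounded by the number of listings regardless of how many votes are cast.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical marketplace that records each listed token id exactly once.
contract MarketStub {
    uint256[] private listedTokens;
    mapping(uint256 => bool) public isListed;

    function list(uint256 tokenId) external {
        require(!isListed[tokenId], "already listed");
        isListed[tokenId] = true;
        listedTokens.push(tokenId); // one entry per listing, never per vote
    }

    function getListedTokens() external view returns (uint256[] memory) {
        return listedTokens;
    }
}

// Vulnerable pattern: _tokenIds grows by one entry for every vote cast.
contract VotingUnbounded {
    MarketStub public immutable market;
    mapping(uint256 => uint256) public voteCounts;
    mapping(address => bool) public hasVoted;
    uint256[] internal _tokenIds;

    constructor(MarketStub _market) { market = _market; }

    function voteForMartenitsa(uint256 tokenId) external {
        require(!hasVoted[msg.sender], "already voted");
        require(market.isListed(tokenId), "not listed");
        hasVoted[msg.sender] = true;
        voteCounts[tokenId] += 1;
        _tokenIds.push(tokenId); // duplicates accumulate without bound
    }

    // Cost is proportional to the number of voters, not the number of tokens.
    function announceWinner() external view returns (uint256 winnerId, uint256 maxVotes) {
        for (uint256 i = 0; i < _tokenIds.length; i++) {
            uint256 id = _tokenIds[i];
            if (voteCounts[id] > maxVotes) { maxVotes = voteCounts[id]; winnerId = id; }
        }
    }

    function tokenIdsLength() external view returns (uint256) { return _tokenIds.length; }
}

// Hardened pattern: no per-vote array; the winner loop walks the listing set.
contract VotingBounded {
    MarketStub public immutable market;
    mapping(uint256 => uint256) public voteCounts;
    mapping(address => bool) public hasVoted;

    constructor(MarketStub _market) { market = _market; }

    function voteForMartenitsa(uint256 tokenId) external {
        require(!hasVoted[msg.sender], "already voted");
        require(market.isListed(tokenId), "not listed");
        hasVoted[msg.sender] = true;
        voteCounts[tokenId] += 1; // nothing is pushed; storage stays O(1) per vote
    }

    // Cost is proportional to the number of listed tokens only.
    function announceWinner() external view returns (uint256 winnerId, uint256 maxVotes) {
        uint256[] memory ids = market.getListedTokens();
        for (uint256 i = 0; i < ids.length; i++) {
            if (voteCounts[ids[i]] > maxVotes) { maxVotes = voteCounts[ids[i]]; winnerId = ids[i]; }
        }
    }
}
```

With `VotingUnbounded`, one million votes for a single listed token leave `tokenIdsLength()` at one million and `announceWinner` has to read every entry; with `VotingBounded`, the same million votes leave the winner loop at one iteration per listing. The bound only holds if listing itself is limited (a listing fee, a cap, or owner-only listing), so a review of this fix should also check what it costs to create a listing.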

Updates

Lead Judging Commences

bube (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unbounded arrays
