Submission Details
Severity: low
Invalid

Possible DoS attack on MartenitsaEvent::stopEvent()

Summary

Possible DoS attack when there are lots of participants.

Vulnerability Details

In MartenitsaEvent, when the owner calls stopEvent() to stop an event, the contract loops over all participants to reset the isProducer variable.

    function stopEvent() external onlyOwner {
        require(block.timestamp >= eventEndTime, "Event is not ended");
        for (uint256 i = 0; i < participants.length; i++) {
            isProducer[participants[i]] = false;
        }
    }

If there are lots of participants, the event might not be ended because the call runs out of gas.

Impact

These participants will gain permanent producer permission, which is unexpected.

Tools Used

Manual

Recommendations

Consider limiting the number of participants to avoid this kind of scenario.
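
One way to apply this recommendation, shown as an added example that is not part of the original submission or the audited code base. The contract name `BoundedEvent`, the constant `MAX_PARTICIPANTS`, the `joinEvent()` entry point and the constructor are assumptions; only the `stopEvent()` loop mirrors the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration; not the audited MartenitsaEvent contract.
// MAX_PARTICIPANTS, joinEvent() and the constructor are assumptions.
contract BoundedEvent {
    // Assumed cap; choose it so the worst-case stopEvent() fits well inside the block gas limit.
    uint256 public constant MAX_PARTICIPANTS = 500;

    address public immutable owner;
    uint256 public immutable eventEndTime;
    address[] public participants;
    mapping(address => bool) public isProducer;

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor(uint256 duration) {
        owner = msg.sender;
        eventEndTime = block.timestamp + duration;
    }

    // Hypothetical entry point: rejects new participants once the cap is reached,
    // so the array that stopEvent() iterates can never exceed MAX_PARTICIPANTS.
    function joinEvent() external {
        require(block.timestamp < eventEndTime, "Event has ended");
        require(!isProducer[msg.sender], "Already joined");
        require(participants.length < MAX_PARTICIPANTS, "Participant cap reached");
        participants.push(msg.sender);
        isProducer[msg.sender] = true;
    }

    // Same loop as in the finding, now with a worst-case cost fixed by the cap.
    function stopEvent() external onlyOwner {
        require(block.timestamp >= eventEndTime, "Event is not ended");
        uint256 count = participants.length; // read the length once instead of on every iteration
        for (uint256 i = 0; i < count; i++) {
            isProducer[participants[i]] = false;
        }
    }
}
```

A Foundry test that fills the array to `MAX_PARTICIPANTS` and measures the gas used by `stopEvent()` confirms whether the chosen cap leaves enough headroom.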

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unbounded arrays
