There are two unbounded address arrays used in the protocol. It is possible for one or both of these arrays to grow too large when iterating over them would cause an Out Of Gas error and DoS protocol functionality.
There are three arrays MartenitasVoting:_tokenIds
, MartenitsaToken::producers
and MartenitsaEvent::participants
used in the protocol. No array is bounded and can theoretically grow infinitely.
Each array is iterated over at least once in the following functions:
iterate participants
in MartenitsaEvent::stopEvent
iterate producers
in MartenitsaToken::setProducers
iterate _tokenIds
in MartenitasVoting::announceWinner
If these arrays grow too large these functions will fail and the DoS will happen on critical functions.
While the arrays growing to such a length at which iterating over them would cause OOG errors to be thrown is unlikely because these functions are somewhat protected by a modifier or the capital cost of adding something to the array it is still possible and therefor is a low risk finding.
Denial of Service on critical functions.
Manual Review
Be cautious when adding to unbounded arrays and use mappings when possible for quick lookups.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.