Summary

There are two unbounded address arrays used in the protocol. It is possible for one or both of these arrays to grow too large when iterating over them would cause an Out Of Gas error and DoS protocol functionality.

Vulnerability Details

There are three arrays MartenitasVoting:_tokenIds, MartenitsaToken::producers and MartenitsaEvent::participants used in the protocol. No array is bounded and can theoretically grow infinitely.

Each array is iterated over at least once in the following functions:

iterate participants in MartenitsaEvent::stopEvent
iterate producers in MartenitsaToken::setProducers
iterate _tokenIds in MartenitasVoting::announceWinner

If these arrays grow too large these functions will fail and the DoS will happen on critical functions.

While the arrays growing to such a length at which iterating over them would cause OOG errors to be thrown is unlikely because these functions are somewhat protected by a modifier or the capital cost of adding something to the array it is still possible and therefor is a low risk finding.

Impact

Denial of Service on critical functions.

Tools Used

Manual Review

Recommendations

Be cautious when adding to unbounded arrays and use mappings when possible for quick lookups.