Submission Details
Severity: low
Invalid

Unbounded loop in `MartenitsaVoting::announceWinner`, leading to potential denial of service

Summary

Within the `MartenitsaVoting::announceWinner` function, a loop iterates through the `_tokenIds` array, whose length equals the total number of votes cast during the voting period. If many participants vote, the array becomes large and executing this loop consumes significant gas, potentially leading to an out-of-gas error and a denial of service.

Vulnerability Details

In the `MartenitsaVoting::announceWinner` function, a loop iterates through the `_tokenIds` array, and gas consumption grows with the size of that array. The following test case can be added to the `MartenitsaVoting.t.sol` file; increasing `voteAmount` step by step shows the difference in gas consumption.

```solidity
// Assumes the existing test file imports `Vm` from forge-std and defines the
// `listMartenitsa` modifier, the `voting` contract instance and the `chasy` address.
function testAnnounceWinner() public listMartenitsa {
    uint256 voteAmount = 100000;
    // Each iteration votes from a distinct address so every vote is recorded.
    for (uint256 i = 0; i < voteAmount; i++) {
        vm.prank(address(uint160(i)));
        voting.voteForMartenitsa(0);
    }
    // Move past the end of the voting period before announcing the winner.
    vm.warp(block.timestamp + 1 days + 1);
    vm.recordLogs();
    voting.announceWinner();
    // The winner address is the third indexed topic of the emitted event.
    Vm.Log[] memory entries = vm.getRecordedLogs();
    address winner = address(uint160(uint256(entries[0].topics[2])));
    assert(winner == chasy);
}
```

| voteAmount | gas used      |
|-----------:|--------------:|
| 10         | 792,548       |
| 100        | 3,847,598     |
| 1,000      | 34,398,098    |
| 10,000     | 339,903,098   |
| 100,000    | 3,394,953,098 |

Gas consumption grows linearly with the total number of voters, which may result in a denial of service once the call no longer fits in a block. See SWC-128 (DoS with block gas limit) for more information on this class of issue.

Impact

Because the contract operates on the Ethereum mainnet, the protocol owner may face significant gas fees as gas usage escalates with increased participation in voting events. Once the `announceWinner` transaction surpasses the gas limit of a single block it can no longer be executed at all, resulting in a denial of service or substantial delays in announcing the winner.

Tools Used

Manual Review, Foundry Testing

Recommendations

Avoid using an unbounded array to record participants, especially when the contract needs to loop through all of its items in a single transaction.
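To illustrate the recommendation, the following added example (constructed for this write-up, not the Martenitsa contest code) shows a simplified tally in the unbounded form the finding describes next to a bounded form that updates the running leader on each vote, so announcing the winner costs the same regardless of turnout. Contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration (not the Martenitsa contest code): the same vote
// tally written two ways. Duplicate-vote and voting-period checks are omitted
// to keep the gas-growth point in focus.

contract UnboundedTally {
    uint256[] private _tokenIds;                  // one entry per vote cast
    mapping(uint256 => uint256) public voteCount;

    function vote(uint256 tokenId) external {
        _tokenIds.push(tokenId);
        voteCount[tokenId] += 1;
    }

    // O(number of votes): this is the loop pattern the finding is about.
    // With enough voters a single call exceeds the block gas limit.
    function announceWinner() external view returns (uint256 winner) {
        uint256 best;
        for (uint256 i = 0; i < _tokenIds.length; i++) {
            uint256 id = _tokenIds[i];
            if (voteCount[id] > best) {
                best = voteCount[id];
                winner = id;
            }
        }
    }
}

contract BoundedTally {
    mapping(uint256 => uint256) public voteCount;
    uint256 public leader;       // token with the most votes so far
    uint256 public leaderVotes;

    // Each vote does a constant amount of work and keeps the leader current.
    function vote(uint256 tokenId) external {
        uint256 n = ++voteCount[tokenId];
        if (n > leaderVotes) {
            leaderVotes = n;
            leader = tokenId;
        }
    }

    // O(1): no array to walk, so turnout cannot push this past the gas limit.
    function announceWinner() external view returns (uint256) {
        return leader;
    }
}
```

Note that tie-breaking differs between the two forms (first token in the array versus first token to reach the top count), so a real migration should define the tie rule explicitly.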

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unbounded arrays
