Submission Details
Severity: low
Invalid

Potential denial of service (DoS) in `MartenitsaVoting::announceWinner()`

Summary

The `MartenitsaVoting::announceWinner()` function loops through the `_tokenIds` array to get the `winnerTokenId`.

Vulnerability Details

The longer the _tokenIds array is, the more gas is consumed.

Impact

```solidity
function announceWinner() external onlyOwner {
    require(block.timestamp >= startVoteTime + duration, "The voting is active");
    uint256 winnerTokenId;
    uint256 maxVotes = 0;
    // @audit - Impact: High because the gas cost increases with the number of tokenIds
    for (uint256 i = 0; i < _tokenIds.length; i++) {
        if (voteCounts[_tokenIds[i]] > maxVotes) {
            maxVotes = voteCounts[_tokenIds[i]];
            winnerTokenId = _tokenIds[i];
        }
    }
    list = _martenitsaMarketplace.getListing(winnerTokenId);
    _healthToken.distributeHealthToken(list.seller, 1);
    emit WinnerAnnounced(winnerTokenId, list.seller);
}
```

Large arrays can potentially lead to denial of service. The gas cost increases exponentially with the number of tokenIds.

Tools Used

Manual Review

Recommendations

The loop should be optimized to avoid iterating over all the tokenIds. Potential optimization: store the tokenId with the highest votes.
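
The recommendation above, sketched as an added example that is not part of the submission or of the audited project's code: a minimal voting contract that updates a running leader on every vote, so announcing the winner reads stored values instead of scanning an array. The contract name, `vote`, `leaderTokenId` and `leaderVotes` are hypothetical, and the marketplace listing lookup and HealthToken reward are left out as assumptions of this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited project's code. All names in this
// contract (LeaderTrackingVoting, vote, leaderTokenId, leaderVotes) are hypothetical.
contract LeaderTrackingVoting {
    address public immutable owner;
    uint256 public immutable startVoteTime;
    uint256 public constant duration = 1 days; // assumed voting window

    mapping(uint256 => uint256) public voteCounts;
    mapping(address => bool) public hasVoted;

    // Running leader, updated at vote time so no scan is needed later.
    uint256 public leaderTokenId;
    uint256 public leaderVotes;

    event WinnerAnnounced(uint256 indexed winnerTokenId);

    constructor() {
        owner = msg.sender;
        startVoteTime = block.timestamp;
    }

    function vote(uint256 tokenId) external {
        require(block.timestamp < startVoteTime + duration, "The voting is no longer active");
        require(!hasVoted[msg.sender], "You have already voted");
        hasVoted[msg.sender] = true;

        uint256 votes = ++voteCounts[tokenId];
        // Strict '>' keeps the token that reached the top count first.
        // This tie-break can differ from a scan in array order.
        if (votes > leaderVotes) {
            leaderVotes = votes;
            leaderTokenId = tokenId;
        }
    }

    // Constant cost: no loop, independent of how many votes were cast.
    function announceWinner() external {
        require(msg.sender == owner, "Not the owner");
        require(block.timestamp >= startVoteTime + duration, "The voting is active");
        // No leader exists until the first vote has been recorded.
        require(leaderVotes > 0, "No votes cast");
        emit WinnerAnnounced(leaderTokenId);
    }
}
```

A scan like the one in the submission pays a roughly fixed amount of gas per array element, so its cost grows linearly with the array length. In this sketch that cost moves to the voters: each vote pays one extra comparison and at most two additional storage writes.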

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unbounded arrays
