Summary

The sunrise function in the SeasonFacet contract lacks control over gas consumption, which may lead to potential out-of-gas errors or excessive gas usage.

Vulnerability Details

The sunrise function executes several operations in a single transaction, including

• updating the Season,

• performing oracle calculations,

• incentivizing the caller, and

• emitting events.
  However, it does not limit the gas consumption of these operations. As a result, if any of these operations consume an excessive amount of gas, the transaction may fail due to an out-of-gas error, or the caller may incur unexpectedly high gas fees.

Impact

The lack of gas limit control in the sunrise function may result in:

• Out-of-gas errors: If the gas consumed by the function exceeds the block gas limit, the transaction will fail, causing potential disruption to users and applications relying on this functionality.

• Excessive gas fees: Users invoking the sunrise function may incur higher-than-expected gas fees if the function consumes a significant amount of gas.

Tools Used

Manual code review

Recommendations

• Implement gas limit controls: Set reasonable gas limits for each operation within the sunrise function to prevent excessive gas consumption.