DeFiHardhat
21,000 USDC
View results
Submission Details
Severity: medium
Invalid

Denial of service from possible exhuastive loop iteration

Summary

The loop iteration in the _withdrawTokens function may not have a well-defined upper bound, potentially leading to excessive gas consumption or out-of-gas errors.

Vulnerability Details

The loop iterates over the stems array, potentially causing gas exhaustion if the array is very large. The loop's termination condition relies on the number of stems and the maxTokens value. However, if the condition (i < stems.length) && (a.active.tokens < maxTokens) is not carefully controlled, it may lead to unexpected gas consumption.

Impact

When the length of the stem becomes exhaustively long, the gas price required to loop over all of it may become too high and unaffordable. This could result in transactions failing due to out-of-gas errors or significantly increased gas costs for users.

Tools Used

Manual

Recommendations

Ensure that the loop iteration is bounded by a well-defined upper limit to prevent gas exhaustion. Consider limiting the number of iterations or implementing pagination for large arrays.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.