Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Avoid For Loops in Public or External Functions to Prevent High Gas Costs and Potential DOS Attacks

Summary

In Solidity, the use of for loops within public or external functions can lead to high gas costs and potential Denial of Service (DoS) attacks. This report identifies instances of for loops in the SablierV2 contracts that could pose these risks, particularly in the context of nested loops and large input arrays.

Vulnerability Details

For loops in public or external functions can be exploited to cause DoS attacks by making the function calls prohibitively expensive or causing them to run out of gas. This is especially problematic when loops iterate over large arrays or when nested loops are used. Specific instances of such for loops in the SablierV2 contracts are as follows:

  1. SablierV2Lockup.sol

  2. SablierV2BatchLockup.sol

  3. SablierV2MerkleLockupFactory.sol

Impact

The primary impact of this vulnerability is the potential for DoS attacks. Attackers can exploit the high gas costs associated with these for loops to make the functions prohibitively expensive to call, thereby disrupting the contract’s intended operations and potentially locking out legitimate users.

Tools Used

  • Manual code review

  • Static analysis tools for identifying loops and gas usage patterns

Recommendations

  • Avoid large for loops: Refactor the functions to avoid iterating over large arrays in a single transaction.

  • Batch processing: Implement batch processing with a limit on the number of items processed in each transaction to prevent excessive gas consumption.

  • Off-chain computation: Where feasible, perform computations off-chain and submit the results on-chain to reduce gas costs.

  • Gas limit checks: Incorporate checks to ensure that the gas required for loop execution does not exceed a safe threshold.
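The following is an added illustration of the loop pattern the report warns about and of the first, second and fourth recommendations applied together; it is hypothetical example code and not code from the Sablier V2 contracts. The contract and function names, the `MAX_BATCH` cap and the `MIN_GAS_PER_ITEM` floor are constructed values chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical example (not Sablier code): an external function that loops
/// over a caller-supplied array with no upper bound.
contract UnboundedBatch {
    mapping(address => uint256) public balances;

    /// Every element costs gas; a sufficiently long array makes the call
    /// exceed the block gas limit and revert, so nothing in it is processed.
    function creditMany(address[] calldata recipients, uint256 amount) external {
        for (uint256 i = 0; i < recipients.length; i++) {
            balances[recipients[i]] += amount;
        }
    }
}

/// Hypothetical example (not Sablier code): the same operation with a hard
/// per-transaction cap and a gas check inside the loop.
contract BoundedBatch {
    /// Maximum items per call (constructed value; tune per deployment).
    uint256 public constant MAX_BATCH = 100;
    /// Gas that must remain before starting another iteration (constructed value).
    uint256 public constant MIN_GAS_PER_ITEM = 30_000;

    mapping(address => uint256) public balances;

    error EmptyBatch();
    error BatchTooLarge(uint256 provided, uint256 max);

    event BatchProcessed(uint256 processed);

    /// Processes at most MAX_BATCH items and stops early when gas runs low.
    /// Returns the number handled so the caller can resume from that index
    /// in a later transaction instead of losing the whole call to a revert.
    function creditMany(address[] calldata recipients, uint256 amount)
        external
        returns (uint256 processed)
    {
        uint256 len = recipients.length;
        if (len == 0) revert EmptyBatch();
        if (len > MAX_BATCH) revert BatchTooLarge(len, MAX_BATCH);

        for (uint256 i = 0; i < len; i++) {
            // Break before an iteration that might run out of gas: state
            // written so far is kept and `processed` tells the caller where
            // to pick up.
            if (gasleft() < MIN_GAS_PER_ITEM) break;
            balances[recipients[i]] += amount;
            processed = i + 1;
        }
        emit BatchProcessed(processed);
    }
}
```

When reviewing loops of this kind it matters who controls the array length. A loop over calldata the caller supplies only burdens that caller, who can simply submit a shorter array; the denial-of-service case that needs the cap above is a loop over contract-held state (for example a list of recipients or streams) that other parties can grow without bound, because then a function every user depends on can become uncallable.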

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
