Summary

The Solidity code snippets provided depict the usage of unbounded state arrays that are iterated upon in the SablierV2LockupDynamic.sol and SablierV2LockupTranched.sol contracts. This practice can lead to excessive gas consumption, especially when the array size exceeds the block gas limit, potentially causing transaction failures or other gas-related issues.

Vulnerability Details

The vulnerabilities arise from the following code snippets:

1. In SablierV2LockupDynamic.sol at line 345, the _segments array is being pushed with elements from params.segments, potentially resulting in an unbounded array size.

https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/SablierV2LockupDynamic.sol#L345

2. In SablierV2LockupTranched.sol at line 249, the _tranches array is being pushed with elements from params.tranches, similarly leading to a potentially unbounded array size.

https://github.com/Cyfrin/2024-05-Sablier/tree/main/v2-core/src/SablierV2LockupTranched.sol#L249

Impact

Iterating over unbounded state arrays can result in excessive gas consumption, particularly if the array size surpasses the block gas limit. This may lead to transaction failures, block gas limit exceedance, or other gas-related issues, impacting the reliability and functionality of the contracts.

Tools Used

Manual code review was conducted to identify the vulnerability.

Recommendations

1. Limit array sizes for iteration to mitigate excessive gas consumption.

2. Consider alternative data structures such as linked lists for managing large datasets more efficiently.

3. Implement paginated processing for iterating over smaller batches of data across multiple transactions to avoid gas-related problems.

4. Utilize a 'state array' with a separate index-tracking array to manage large datasets effectively while mitigating gas consumption issues.