Air dropping tokens to a large number of users cause DOS due to block gas limit exceed
Summary
Air dropping tokens to a large number of users cause DOS due to block gas limit exceed.
Vulnerability Details
As mentioned on readme page that this protocol is going to air drop tokens to a large number of users (Without specifying any limit) but It won't be possible with current implementation. It is also given that for 1000 recipient drops Huff- no check has lowest gas cost which is = 25520450.
Now If we consider Ethereum chain there the upper cap for block gas limit is ~30M. If we further increase the no. of recipient count by few hundreds It will certainly cross the block gas limit of Ethereum. It won't be a problem If we test with foundry but On mainnet this transaction will sit idle in mempool without being picked up by validator as given transaction gas cost exceed block gas limit.
Impact
stuck transaction due to gas cost exceeding block gas limit.
Tools Used
Manual
Recommendations
Either limit the number of recipients
Or Split the list of recipients into small batches, and send multiple transaction each handling single batch of recipient
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.