TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: high
Invalid

Potential DOS attack in `TSender.sol::areListsValid()`

Summary

There is an unbounded loop inside `TSender::areListsValid()` which could lead to a DoS attack, making the contract unusable.

Vulnerability Details

The primary concern arises from the nested loop used to check for duplicate addresses among the recipients. This loop iterates over each pair of addresses in the recipients array, leading to a time complexity of O(n^2). As the size of the recipients array increases, the computational cost of executing this function grows quadratically.

```solidity
for (uint256 i; i < recipients.length; i++) {
    // Reject the zero address as a recipient.
    if (recipients[i] == address(0)) {
        return false;
    }
    // Reject zero-value transfers.
    if (amounts[i] == 0) {
        return false;
    }
    // Pairwise duplicate check: every later entry is compared against this one,
    // so the total number of comparisons grows with the square of the list length.
    for (uint256 j = i + 1; j < recipients.length; j++) {
        if (recipients[i] == recipients[j]) {
            return false;
        }
    }
}
```

Impact

An attacker could exploit this by submitting a transaction with a very large recipients array, causing the function to consume a significant amount of gas. If the gas required exceeds the block gas limit, the transaction would fail, but the attacker could repeatedly attempt this until the contract becomes unresponsive or until legitimate users are priced out due to high gas fees.

Moreover, the lack of explicit input validation regarding the size of the recipients and amounts arrays further exacerbates this vulnerability. Without limiting the maximum size of these arrays, an attacker has unrestricted freedom to submit increasingly larger arrays, thereby increasing the likelihood of a successful DoS attack.

Tools Used

Manual Review

Recommendations

Replace the nested loop with a more efficient method for checking duplicates, such as using a mapping to track seen addresses. This approach reduces the time complexity from O(n^2) to O(n), significantly lowering the gas cost for large arrays.
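The mapping-based check described above, written out as an added example that is not TSender's own code. The `ListValidator` contract, its `seen` scratch mapping and the length-equality check are assumptions made here; Solidity has no in-memory mappings, so the "seen" set has to live in storage and be cleared before returning.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not TSender's code): the O(n) duplicate check the
/// recommendation describes. The "seen" set lives in a scratch storage
/// mapping that is reset before returning, so storage is unchanged across calls.
contract ListValidator {
    // Hypothetical scratch set; true while an address has been seen in this call.
    mapping(address => bool) private seen;

    function areListsValid(address[] calldata recipients, uint256[] calldata amounts)
        external
        returns (bool valid)
    {
        // Length mismatch check is an addition here; the original snippet does not do it.
        if (recipients.length != amounts.length) {
            return false;
        }
        valid = true;
        uint256 marked; // number of leading entries currently flagged in `seen`
        for (uint256 i; i < recipients.length; i++) {
            address r = recipients[i];
            // One pass: zero address, zero amount, or an address already seen.
            if (r == address(0) || amounts[i] == 0 || seen[r]) {
                valid = false;
                break;
            }
            seen[r] = true;
            marked = i + 1;
        }
        // Reset the scratch set so the next call starts from an empty set.
        for (uint256 i; i < marked; i++) {
            delete seen[recipients[i]];
        }
    }
}
```

Each `seen[r] = true` is a storage write, which costs far more gas than the calldata comparisons in the nested loop, so for lists small enough to fit in a block this version can be more expensive than the quadratic one; measure both with the project's test suite before adopting it.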

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
