A Denial of Service (DoS) vulnerability has been identified in the airdropERC20() function of the TSender contract. This issue arises from processing large arrays of recipients within a single transaction, which can exceed the block gas limit and cause the transaction to fail. This vulnerability disrupts the airdrop process and leads to failed transactions and operational inefficiencies.
The airdropERC20 function processes the recipients array in a for-loop, iterating over each recipient to transfer tokens. If the recipients array is too large, the gas required to complete the function execution can exceed the block gas limit, causing the transaction to revert.
If a user specifies a large number of recipients (e.g., 10,000), the function will attempt to process all these transfers in a single transaction. The gas required for this operation will likely exceed the block gas limit, resulting in a transaction failure. This failure prevents the completion of the airdrop and wastes gas, causing inefficiencies. For example, if a total of 10,000 recipients are specified, the transaction may revert mid-way, leading to partial transfers and the need to re-initiate the process, incurring additional gas costs.
Manual Review
To prevent these issues and ensure reliable and efficient token distribution, it is recommended to implement batch processing for the TSender contract. This approach divides the airdrop process into smaller, manageable chunks, ensuring each transaction remains within the block gas limit. By doing so, it prevents the function from exceeding the gas limit and ensures the successful completion of the airdrop.
TSender Contract
Here is an example of how to modify the airdropERC20 function in the TSender contract to handle batch processing using assembly:
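As an added illustration of the batching recommendation (this is example code written for this page, not the TSender contract's own implementation, and it uses plain Solidity rather than assembly), the hypothetical contract below bounds the number of recipients per call with an assumed MAX_BATCH constant, so the worst-case gas of one transaction is fixed in advance, and exposes a helper the off-chain sender can use to decide how many calls a full list needs:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical, added example (not TSender code): an airdrop entry point that
/// rejects oversized recipient arrays instead of running until the gas limit.
contract BatchedAirdrop {
    /// Assumed bound; tune against the measured per-transfer gas of the token and chain.
    uint256 public constant MAX_BATCH = 500;

    error BatchTooLarge(uint256 given, uint256 max);
    error LengthMismatch();
    error AmountMismatch(uint256 totalAmount, uint256 summed);
    error TransferFailed(address recipient);

    /// Transfers amounts[i] of `token` from the caller to recipients[i].
    /// totalAmount is a caller-supplied checksum that must equal the sum of amounts.
    function airdropERC20(
        address token,
        address[] calldata recipients,
        uint256[] calldata amounts,
        uint256 totalAmount
    ) external {
        uint256 n = recipients.length;
        if (n != amounts.length) revert LengthMismatch();
        // Core mitigation: the loop length, and therefore the gas, is capped up front.
        if (n > MAX_BATCH) revert BatchTooLarge(n, MAX_BATCH);

        uint256 summed;
        for (uint256 i = 0; i < n; ++i) {
            summed += amounts[i];
            if (!IERC20(token).transferFrom(msg.sender, recipients[i], amounts[i])) {
                revert TransferFailed(recipients[i]);
            }
        }
        if (summed != totalAmount) revert AmountMismatch(totalAmount, summed);
    }

    /// Number of airdropERC20 calls needed to cover `total` recipients; the
    /// off-chain sender slices its list into chunks of MAX_BATCH accordingly.
    function batchesFor(uint256 total) external pure returns (uint256) {
        return (total + MAX_BATCH - 1) / MAX_BATCH;
    }
}
```

With this shape, a 10,000-recipient airdrop becomes 20 independent transactions of at most MAX_BATCH transfers each, and a revert in one batch leaves the others unaffected.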