TSender

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Out-of-Gas Risk in Multi-Recipient Token Transfers

ro1sharkm

Summary

The current implementation of the TSender contracts in the airdropERC20 function is susceptible to out-of-gas errors when processing a large number of recipients. This vulnerability can lead to transaction failures hindering large-scale token distributions

Vulnerability Details

The airdropERC20 functions iterates through a list of recipients performing individual token transfers within a loop. Each transfer consumes gas and the cumulative gas usage increases with the number of recipients. If the recipient list is extensive, the total gas consumption can exceed the Ethereum block gas limit causing transaction failure due to out-of-gas errors.

Impact

Users attempting large-scale token distributions will experience transaction failures preventing successful token transfers

Tools Used

Manual review

Recommendations

Modify the airdropERC20 functions to process recipients in smaller batches. Define a fixed batch size (e.g., 100 recipients) that ensures each batch stays well below the gas limit.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

256

59 USDC / LOC

High Medium

12,500 USDC

Low

1,375 USDC

Judges

1,125 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.