TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

Out-of-Gas Risk in Multi-Recipient Token Transfers

Summary

The current implementation of the TSender contracts in the airdropERC20 function is susceptible to out-of-gas errors when processing a large number of recipients. This vulnerability can lead to transaction failures, hindering large-scale token distributions.

Vulnerability Details

The airdropERC20 function iterates through a list of recipients, performing individual token transfers within a loop. Each transfer consumes gas, and the cumulative gas usage increases with the number of recipients. If the recipient list is extensive, the total gas consumption can exceed the Ethereum block gas limit, causing transaction failure due to out-of-gas errors.

Impact

Users attempting large-scale token distributions will experience transaction failures, preventing successful token transfers.

Tools Used

Manual review

Recommendations

Modify the airdropERC20 functions to process recipients in smaller batches. Define a fixed batch size (e.g., 100 recipients) that ensures each batch stays well below the gas limit.
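The batching described in the recommendation can also be done by the caller before any transaction is sent. The following is an added example, not part of the submission or of the TSender code base: a planner that derives a batch size from a gas budget and splits the recipient list accordingly. It assumes each airdropERC20 call takes a recipient list, a matching amount list and the batch total; the helper names and all gas figures are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Batch:
    recipients: tuple
    amounts: tuple
    total: int  # sum of amounts in this batch (assumed per-call total argument)

def max_batch_size(gas_budget, base_gas, gas_per_transfer):
    """Largest recipient count whose estimated gas fits inside gas_budget."""
    if gas_per_transfer <= 0:
        raise ValueError("gas_per_transfer must be positive")
    if gas_budget <= base_gas:
        raise ValueError("gas budget does not cover the fixed call overhead")
    return (gas_budget - base_gas) // gas_per_transfer

def plan_batches(recipients, amounts, batch_size):
    """Split one large airdrop into calls of at most batch_size recipients."""
    if len(recipients) != len(amounts):
        raise ValueError("recipients and amounts differ in length")
    if batch_size < 1:
        raise ValueError("batch_size must be at least 1")
    batches = []
    for start in range(0, len(recipients), batch_size):
        chunk_r = tuple(recipients[start:start + batch_size])
        chunk_a = tuple(amounts[start:start + batch_size])
        batches.append(Batch(chunk_r, chunk_a, sum(chunk_a)))
    # Nothing may be dropped or duplicated by the split.
    if sum(b.total for b in batches) != sum(amounts):
        raise RuntimeError("batch totals do not add up to the airdrop total")
    return batches

# Constructed sample input: 250 placeholder addresses, amounts 1..250.
SAMPLE_RECIPIENTS = [f"0x{i:040x}" for i in range(1, 251)]
SAMPLE_AMOUNTS = list(range(1, 251))

if __name__ == "__main__":
    # Constructed gas figures; measure real values with a gas estimate
    # against the deployed contract and token before relying on them.
    size = max_batch_size(gas_budget=3_000_000, base_gas=50_000,
                          gas_per_transfer=29_500)
    for n, b in enumerate(plan_batches(SAMPLE_RECIPIENTS, SAMPLE_AMOUNTS, size)):
        print(f"batch {n}: {len(b.recipients)} recipients, total {b.total}")
```

Because each batch is its own transaction, a failed batch can be resubmitted without repeating the transfers that already succeeded.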

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
