TSender

Cyfrin · DeFiFoundry · 15,000 USDC

Submission Details
Severity: medium
Status: Invalid

Unbounded loop may cause airdropERC20 to fail

Vulnerability details

All TSender contracts implement the function airdropERC20, which takes an array of recipients and an array of amounts and sends each amount to the corresponding recipient.

However, there is no limit on how many recipients it will accept, so at some point the call can fail with an out-of-gas error, which is a denial of service. Currently, Ethereum has a 30 million gas limit per block. According to the contest details and sponsor-provided information, 1000 addresses already consume an average of 25 million gas, so doubling the batch to 2000 addresses will very likely cause a DoS.

Here is the for loop implemented inside function airdropERC20:

    // `end`, `diff`, `tokenAddress` and `addedAmount` are set up before the loop (not shown here)
    for { let addressOffset := recipients.offset } 1 {} {
        let recipient := calldataload(addressOffset)
        // Check to address
        if iszero(recipient) {
            mstore(0x00, 0x1647bca2) // cast sig "TSender__ZeroAddress()"
            revert(0x1c, 0x04)
        }
        // to address
        mstore(0x04, recipient)
        // amount
        mstore(0x24, calldataload(sub(addressOffset, diff)))
        // Keep track of the total amount
        addedAmount := add(addedAmount, mload(0x24))
        // transfer the tokens
        if iszero(call(gas(), tokenAddress, 0, 0x00, 0x44, 0, 0)) {
            mstore(0x00, 0xfa10ea06) // cast sig "TSender__TransferFailed()"
            revert(0x1c, 0x04)
        }
        // increment the address offset
        addressOffset := add(addressOffset, 0x20)
        // if addressOffset >= end, break
        if iszero(lt(addressOffset, end)) { break }
    }

Impact

Denial of service of airdropERC20 due to out of gas error.

Tools Used

Manual review

Recommendations

Implement a limit on how many addresses the function will accept, so that a single call can never exceed the block gas limit.
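The recommendation above, as an added example written for this page rather than TSender's own code: a high-level Solidity version of the same batch transfer with a hard cap on the recipient count checked before the loop. The cap constant MAX_RECIPIENTS, its value, the TooManyRecipients/LengthsDontMatch/TotalDoesntAddUp errors and the transferFrom-then-transfer flow are all assumptions; only the two error names from the report are taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CappedAirdrop {
    error TSender__ZeroAddress();
    error TSender__TransferFailed();
    error TSender__LengthsDontMatch();                         // assumed name
    error TSender__TotalDoesntAddUp();                         // assumed name
    error TSender__TooManyRecipients(uint256 given, uint256 max); // assumed name

    // Assumed value. The report measured ~25M gas for 1000 transfers,
    // i.e. ~25k gas each; a 30M block therefore holds roughly 1200
    // transfers, so 1000 leaves headroom for the surrounding overhead.
    uint256 public constant MAX_RECIPIENTS = 1_000;

    function airdropERC20(
        address tokenAddress,
        address[] calldata recipients,
        uint256[] calldata amounts,
        uint256 totalAmount
    ) external {
        uint256 n = recipients.length;
        if (n != amounts.length) revert TSender__LengthsDontMatch();
        // Bounding n up front bounds the loop's gas: the call either
        // fits in a block or reverts cheaply before any transfer happens.
        if (n > MAX_RECIPIENTS) revert TSender__TooManyRecipients(n, MAX_RECIPIENTS);

        // Pull the whole batch once from the caller, then fan it out.
        if (!IERC20(tokenAddress).transferFrom(msg.sender, address(this), totalAmount)) {
            revert TSender__TransferFailed();
        }

        uint256 addedAmount;
        for (uint256 i = 0; i < n; ++i) {
            address recipient = recipients[i];
            if (recipient == address(0)) revert TSender__ZeroAddress();
            addedAmount += amounts[i];
            if (!IERC20(tokenAddress).transfer(recipient, amounts[i])) {
                revert TSender__TransferFailed();
            }
        }
        // Same invariant the Yul loop tracks with addedAmount.
        if (addedAmount != totalAmount) revert TSender__TotalDoesntAddUp();
    }
}
```

An oversized batch only reverts the caller's own transaction, so the cap mainly stops callers from submitting a batch that can never be mined rather than protecting other users.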

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
