TSender

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

potential flaw in the time complexity of the duplicate recipient check within the areListsValid function

sm2368688

There's a potential flaw in the time complexity of the duplicate recipient check within the areListsValid function

The function utilizes a nested loop to identify duplicate recipients. The outer loop iterates through each element in the recipients array, while the inner loop compares the current element with all subsequent elements. This results in a time complexity of O(n^2), where n is the length of the recipients array.

Flaw Explanation:

As the number of recipients (n) increases, the number of comparisons performed by the nested loops grows quadratically. This can become computationally expensive for larger airdrops, potentially impacting gas costs and transaction processing times.

Impact:

Increased Gas Costs: Due to the O(n^2) complexity, the gas cost for the function execution grows significantly with a larger number of recipients. This could make airdrops with a vast number of participants impractical.
Slow Transaction Processing: The high number of comparisons can slow down the transaction processing time, especially on congested networks.

Potential Fix:

To optimize this function, you could consider using a data structure that allows for more efficient duplicate checking. For instance, a Solidity mapping could be used to track whether an address has already been seen.

Here’s an example of how you might refactor the function to use a mapping:

function areListsValid(address[] calldata recipients, uint256[] calldata amounts) external pure returns (bool) {
if (recipients.length == 0 || recipients.length != amounts.length) {
return false;
}

mapping(address => bool) seen;

for (uint256 i = 0; i < recipients.length; i++) {
    if (recipients[i] == address(0) || amounts[i] == 0 || seen[recipients[i]]) {
        return false;
    }
    seen[recipients[i]] = true;
}

return true;

}

This refactored function uses a mapping to keep track of which addresses have been encountered. If an address is seen for a second time, the function will return false. This approach has a time complexity of O(n), which is more efficient than the original O(n2).

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

256

59 USDC / LOC

High Medium

12,500 USDC

Low

1,375 USDC

Judges

1,125 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.