Beanstalk: The Finale
Beanstalk
DeFiHardhatFoundry
250,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Not capped array can grow too big and lead to out of gas error

eason

Summary

Not capped array can grow too big and lead to out of gas error

Vulnerability Details

If an user wants to Re-initializes the field, a for-loop will iterate over all of his positions to the relevant indexes. However, this loop will go over all of the past position as well, and in long period of time, if the user interacts with the protocol many times, this array can grow too big and the call can exceed the block gas limit which will DoS the protocol.

function init(
MigratedPlotData[] calldata accountPlots,
uint256 totalPods,
uint256 harvestable,
uint256 harvested,
uint256 fieldId,
uint8 initialTemperature
) external {
uint256 calculatedTotalPods;
for (uint i; i < accountPlots.length; i++) {
for (uint j; j < accountPlots[i].plots.length; i++) {
uint256 podIndex = accountPlots[i].plots[j].podIndex;
uint256 podAmount = accountPlots[i].plots[j].podAmounts;
s.accts[accountPlots[i].account].fields[fieldId].plots[podIndex] = podAmount;
s.accts[accountPlots[i].account].fields[fieldId].plotIndexes.push(podIndex);
emit MigratedPlot(accountPlots[i].account, podIndex, podAmount);
calculatedTotalPods += podAmount;
}
}

Impact

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/4e0ad0b964f74a1b4880114f4dd5b339bc69cd3e/protocol/contracts/beanstalk/init/reseed/L2/ReseedField.sol#L48

Tools Used

Manual Review

Recommendations

Consider limit accountPlots length.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.