The ReseedField
contract has an issue in its init
function where the wrong loop variable is being incremented in a nested loop. This error can lead to an infinite loop or out-of-bounds access, potentially causing the function to revert or consume all available gas.
In the init
function of the ReseedField
contract, there is a nested loop that iterates over accountPlots
and their respective plots
. The inner loop incorrectly increments the outer loop variable i
instead of the inner loop variable j
:
This mistake causes the inner loop to never terminate properly, as j
is not incremented. Depending on the input data, this could lead to an infinite loop or an out-of-bounds array access.
The impact of this vulnerability is severe:
Gas Exhaustion: The function may consume all available gas, causing the transaction to fail.
Denial of Service: The contract's init
function becomes unusable, preventing the proper initialization of the field.
Incorrect State: If the function doesn't revert due to gas exhaustion, it may partially update the contract state, leaving it in an inconsistent or incorrect state.
This bug effectively renders the init
function non-functional, which is critical as it's responsible for re-initializing the entire field state.
manual code review.
The inner loop should increment j
instead of i
as shown below:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.