NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

DOS attack possible when whitelisting collection

Summary

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L344

Unnecessary iteration over an address array, which will become far too expensive over time.

Vulnerability Details

In Bridge::_whiteListCollection, we have a while statement which iterates through the whole array of addresses _collections:

    function _whiteListCollection(address collection, bool enable) internal {
        if (enable && !_whiteList[collection]) {
            bool toAdd = true;
            uint256 i = 0;
            while(i < _collections.length) { // audit-med - DOS
                if (collection == _collections[i]) {
                    toAdd = false;
                    break;
                }
                i++;
            }
            if (toAdd) {
                _collections.push(collection);
            }
        }
        _whiteList[collection] = enable;
    }

However, that iteration may result in DOS if a lot of people whitelist their addresses, because the array _collections will become too large and too gas-expensive to iterate through, which is likely to happen.

Proof of Concept

  1. A large number of users whitelist collections, so the array holding the collection addresses becomes extremely expensive to iterate through.

  2. Someone tries to whitelist a new collection.

Impact

Impact: High

Likelihood: Medium

Tools Used

Manual Review

Recommendations

Instead of using address[] _collections, use a map such as mapping(address => bool) _collections. Lookup is then faster and there is no need to iterate through the map, resulting in huge gas savings and no DOS.
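
An added sketch of the recommendation (not code from the Ark project's Bridge.sol): it goes slightly beyond a plain bool mapping by storing each collection's array position, so the list stays enumerable while adding and removing both cost constant gas. The contract name, _indexPlusOne and the two view functions are hypothetical, and access control is left to the caller of the internal function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; names other than _collections and
/// _whiteListCollection are hypothetical and not taken from Bridge.sol.
contract CollectionWhitelistSketch {
    // Enumerable list of currently whitelisted collections.
    address[] private _collections;
    // Position of each collection in _collections, stored as index + 1
    // so that the default value 0 means "not whitelisted".
    mapping(address => uint256) private _indexPlusOne;

    function isWhiteListed(address collection) public view returns (bool) {
        return _indexPlusOne[collection] != 0;
    }

    function listedCollections() external view returns (address[] memory) {
        return _collections;
    }

    // Gas cost does not depend on how many collections are already listed.
    function _whiteListCollection(address collection, bool enable) internal {
        uint256 slot = _indexPlusOne[collection];
        if (enable) {
            if (slot != 0) return; // already listed, nothing to do
            _collections.push(collection);
            _indexPlusOne[collection] = _collections.length;
        } else {
            if (slot == 0) return; // not listed, nothing to do
            uint256 lastIndex = _collections.length - 1;
            address last = _collections[lastIndex];
            // Swap-and-pop: move the last entry into the vacated slot,
            // record its new position, then shrink the array by one.
            _collections[slot - 1] = last;
            _indexPlusOne[last] = slot;
            _collections.pop();
            delete _indexPlusOne[collection];
        }
    }
}
```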

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid-unwhitelist-on-L1-do-not-pop-from-array

LightChaser: Low-19, Gas-10
