NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

There's no check to prevent an infinite loop if the list is circular in _white_list_collection

Summary

There's no check to prevent an infinite loop if the list is circular in _white_list_collection.

Vulnerability Details

The loop in question is this one:

    // find last element
    loop {
        let (_, next) = self.white_listed_list.read(prev);
        if next.is_zero() {
            break;
        }
        let (active, _) = self.white_listed_list.read(next);
        if !active {
            break;
        }
        prev = next;
    };

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L502C14-L513C19

This loop is intended to find the last element in the whitelist. It does this by traversing the linked list, moving from one element to the next until it either finds an element with no next pointer (i.e., next.is_zero()) or an inactive element.

The vulnerability arises because the loop assumes that the list will eventually end (either with a zero address or an inactive element). However, if, due to a bug or malicious action, the list becomes circular (i.e., the last element points back to an earlier element in the list), this loop would continue indefinitely.

For example, if we have a list A -> B -> C -> A and all elements are active, the loop would never terminate. It would keep cycling through A, B, and C forever.

Impact

The infinite loop could lead to a denial of service (DoS).

Tools Used

Manual review

Recommendations

Implement a check to detect cycles in the linked list.
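
One way to implement such a check, shown as an added example in Rust rather than the project's own Cairo code: the same walk as the quoted loop, with a tortoise-and-hare comparison that returns an error once the traversal re-enters a cycle. The storage map is modelled as a `HashMap`, and the names `Addr`, `WhiteList`, `read`, `find_last`, `sample` and the `head` parameter are assumptions made for this illustration.

```rust
use std::collections::HashMap;

// Model of the whitelist storage: address -> (active, next).
// 0 stands for the zero address; an unset slot reads as (false, 0).
type Addr = u64;
type WhiteList = HashMap<Addr, (bool, Addr)>;

fn read(list: &WhiteList, a: Addr) -> (bool, Addr) {
    *list.get(&a).unwrap_or(&(false, 0))
}

/// The walk from the quoted loop plus a tortoise-and-hare check: `prev`
/// advances every iteration, `slow` every second one, so on a circular
/// list `prev` catches up with `slow`. Ok(last element) or Err(meeting point).
fn find_last(list: &WhiteList, head: Addr) -> Result<Addr, Addr> {
    let (mut prev, mut slow, mut steps) = (head, head, 0u64);
    loop {
        let (_, next) = read(list, prev);
        if next == 0 {
            return Ok(prev);
        }
        let (active, _) = read(list, next);
        if !active {
            return Ok(prev);
        }
        prev = next;
        steps += 1;
        if steps % 2 == 0 {
            slow = read(list, slow).1; // follows nodes `prev` already visited
        }
        if prev == slow {
            return Err(prev); // circular list: stop instead of spinning
        }
    }
}

// Constructed sample data: builds a list from (address, active, next) triples.
fn sample(nodes: &[(Addr, bool, Addr)]) -> WhiteList {
    nodes.iter().map(|&(a, active, next)| (a, (active, next))).collect()
}

fn main() {
    let linear = sample(&[(1, true, 2), (2, true, 3), (3, true, 0)]);
    let circular = sample(&[(1, true, 2), (2, true, 3), (3, true, 1)]); // A -> B -> C -> A
    println!("{:?} {:?}", find_last(&linear, 1), find_last(&circular, 1));
}
```

The check needs no extra storage: it costs one additional read on every second iteration, and an acyclic list is never misreported because `prev` stays strictly ahead of `slow`.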

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
