ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Potential Denial of Service due to unbounded `_collections` array growth

mikb

Summary

The _collections array in the Starklane contract grows indefinitely as new collections are added, without a mechanism to remove unused collections. This could lead to out-of-gas errors in functions that iterate over this array, potentially causing a denial of service.

Vulnerability Details

In the _whiteListCollection function, new collections are added to the _collections array:

if (toAdd) {
_collections.push(collection);
}

Then, getWhiteListedCollections iterates over the entire _collections array:

for (uint256 i = 0; i < nbElem; ++i) {
address cur = _collections[i];
if (_whiteList[cur]) {
ret[offset] = cur;
offset += 1;
}
}

Thus, there is no mechanism to remove collections from the _collections array when they are no longer whitelisted.

Impact

As the protocol is used over time and more collections are added, the _collections array will grow indefinitely, leading to DoS of protocol functionality that relies on iterating over all collections.

Tools Used

Manual review

Recommendations

  1. Implement a function to remove unused collections from the _collections array.

  2. Modify the _whiteListCollection function to remove collections when they are un-whitelisted.

  3. Implement a pagination mechanism for getWhiteListedCollections to allow retrieval of subsets of the whitelist.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid-unwhitelist-on-L1-do-not-pop-from-array

LightChaser: Low-19, Gas-10

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!