NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

_depositIntoEscrow will use all remaining gas instead of reverting if ids parameter is empty

Summary

In Bridge.sol, in the depositTokens function, if ids is empty then _depositIntoEscrow will fail on the condition assert(ids.length > 0). This works as intended but will guzzle all the remaining gas of the user. Instead, you can make use of require to refund the remaining gas to the user.

Vulnerability Details

The assert statement in Solidity will consume all remaining gas if the condition fails. This is because assert is intended for internal errors and invariants, and it reverts the transaction with a state change rollback, consuming all remaining gas.

Impact

Loss of gas

Tools Used

Manual review

Recommendations

Replace the assert statement with a require statement to ensure that the function reverts with an appropriate error message and returns the remaining gas to the caller if ids.length is 0:

require(ids.length > 0, "Escrow: ids array is empty");
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

A PoC always helps to understand the real impact possible.
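A gas-measurement PoC of the kind the judge asks for, as an added example that is not part of the submission or of the NFTBridge code base. EscrowCheck and GasProbe are hypothetical names, and the 0.8.x pragma is an assumption because the page does not state the contest's compiler version. It matters here: from Solidity 0.8.0 a failing assert reverts with Panic(0x01) through the REVERT opcode, while earlier compilers emit INVALID, which burns all forwarded gas.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumption: compiler version is not given on the page

// Hypothetical stand-in for the length check in _depositIntoEscrow.
contract EscrowCheck {
    function withAssert(uint256[] calldata ids) external pure {
        assert(ids.length > 0); // on failure: Panic(uint256) with code 0x01
    }

    function withRequire(uint256[] calldata ids) external pure {
        require(ids.length > 0, "Escrow: ids array is empty"); // on failure: Error(string)
    }
}

// Calls both variants with an empty ids array and records what the failure cost.
contract GasProbe {
    struct Result {
        bool ok;         // false when the call reverted
        uint256 gasUsed; // gas spent by the caller on the call, including call overhead
        bytes4 selector; // first four bytes of the revert data, if any
    }

    EscrowCheck public immutable target;

    constructor() {
        target = new EscrowCheck();
    }

    function probe(bytes memory callData, uint256 stipend) internal returns (Result memory r) {
        uint256 before = gasleft();
        // Low-level call so the failure is observed instead of bubbling up.
        (bool ok, bytes memory ret) = address(target).call{gas: stipend}(callData);
        r.gasUsed = before - gasleft();
        r.ok = ok;
        if (ret.length >= 4) r.selector = bytes4(ret);
    }

    // Compare the two results: if the assert path burned the whole stipend,
    // gasUsed will be close to `stipend`; if it reverted, it will be far below it.
    function measure(uint256 stipend) external returns (Result memory viaAssert, Result memory viaRequire) {
        uint256[] memory empty = new uint256[](0);
        viaAssert = probe(abi.encodeWithSelector(EscrowCheck.withAssert.selector, empty), stipend);
        viaRequire = probe(abi.encodeWithSelector(EscrowCheck.withRequire.selector, empty), stipend);
    }
}
```

Deploy GasProbe on a local development chain and call measure with a stipend such as 1,000,000; repeating the run with the compiler version the audited contract actually uses shows whether the gas loss claimed in the finding applies.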
