ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Permanent DoS on L1 due to non-shrinking array usage in an unbounded loop in `Bridge::_whiteListCollection()`

0xnbvc

Vulnerability Details

The LightChaserV3 bot has found one instance of this vulnerability in the Bridge::getWhiteListedCollections() view function on L1 (see [Medium-1] Permanent DoS due to non-shrinking array usage in an unbounded loop).

However, it missed a critical instance in Bridge::_whiteListCollection() internal function, which is called by Bridge::withdrawTokens() and Bridge::whiteList():

Bridge.sol#L340-L356

function _whiteListCollection(address collection, bool enable) internal {
if (enable && !_whiteList[collection]) {
bool toAdd = true;
uint256 i = 0;
-> while(i < _collections.length) {
if (collection == _collections[i]) {
toAdd = false;
break;
}
i++;
}
if (toAdd) {
_collections.push(collection);
}
}
_whiteList[collection] = enable;
}

If the _collections state variable becomes too big, the loop will ran out of gas and cause a permanent DoS to Bridge::withdrawTokens() (and Bridge::whiteList()), locking the user's tokens.

Impact

Permanent DoS and loss of funds.

Recommendations

Either limit the size of the _collections array, or add a function to remove values from the _collections array in case it becomes too big.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.