NFTBridge
60,000 USDC
View results
Submission Details
Severity: low
Invalid

Gas Consumption and Scalability Vulnerability in whiteList Function of the Starklane contract.

Summary

The whiteList function in the Starklane contract exhibits significant gas consumption as the number of collections increases. This behavior poses scalability challenges and potential denial of service (DoS) risks, particularly when processing large batches of addresses.

Vulnerability Details

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L34

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L340

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L284

The function's gas usage grows linearly with the number of collections, exceeding typical Ethereum block gas limits for large inputs.

Impact

  1. Scalability Concerns:

    Operations involving 1000 or more collections exceed Ethereum's block gas limit (~30 million gas), making them impossible to complete in a single transaction.

  2. Dos: Users attempting to whitelist a large number of addresses might cause transactions to fail, potentially locking up contract functionality.

  3. Operational Efficiency:

    • High gas costs deter users from interacting with the contract and may render it impractical for production environments.

Poc:

  • The test function testWhiteListGasConsumption0 simulates adding 100, 500, and 1000 addresses to the whitelist. if we input 2000 addresses we encounter EvmError: OutOfGas.

  • Gas Measurement: It measures the gas consumed for each batch size, demonstrating the linear increase in consumption.

  • Outcome: The test highlights how processing larger batches quickly becomes impractical due to high gas costs and potential transaction failures.

function testWhiteListGasConsumption0() public {
// Set hypothetical gas price for the test
vm.txGasPrice(1);
uint256 numCollections1 = 100;
address[] memory collections1 = new address[](numCollections1);
for (uint256 i = 0; i < numCollections1; i++) {
collections1[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));
}
uint256 gasBefore1 = gasleft();
for (uint256 i = 0; i < numCollections1; i++) {
IStarklane(bridge).whiteList(collections1[i], true);
}
uint256 gasAfter1 = gasleft();
uint256 gasUsed1 = (gasBefore1 - gasAfter1) * tx.gasprice;
uint256 numCollections2 = 500;
address[] memory collections2 = new address[](numCollections2);
for (uint256 i = 0; i < numCollections2; i++) {
collections2[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));
}
uint256 gasBefore2 = gasleft();
for (uint256 i = 0; i < numCollections2; i++) {
IStarklane(bridge).whiteList(collections2[i], true);
}
uint256 gasAfter2 = gasleft();
uint256 gasUsed2 = (gasBefore2 - gasAfter2) * tx.gasprice;
// Test with a larger number of collections
uint256 numCollections3 = 1000;
address[] memory collections3 = new address[](numCollections3);
for (uint256 i = 0; i < numCollections3; i++) {
collections3[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));
}
uint256 gasBefore3 = gasleft();
for (uint256 i = 0; i < numCollections3; i++) {
IStarklane(bridge).whiteList(collections3[i], true);
}
uint256 gasAfter3 = gasleft();
uint256 gasUsed3 = (gasBefore3 - gasAfter3) * tx.gasprice;
console.log("Gas used with 100 collections: ", gasUsed1);
console.log("Gas used with 500 collections: ", gasUsed2);
console.log("Gas used with 1000 collections: ", gasUsed3); // Adjust based on capacity
}

Tools Used

Manual review

Recommendations

  1. Batch Processing: Implement batch processing with limits on the number of addresses per transaction to manage gas consumption better.

  2. Limits: Consider setting explicit limits on how many collections can be whitelisted in a single call.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid-unwhitelist-on-L1-do-not-pop-from-array

LightChaser: Low-19, Gas-10

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.