ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Gas Consumption and Scalability Vulnerability in whiteList Function of the Starklane contract.

NoodleDonn212

Summary

The whiteList function in the Starklane contract exhibits significant gas consumption as the number of collections increases. This behavior poses scalability challenges and potential denial of service (DoS) risks, particularly when processing large batches of addresses.

Vulnerability Details

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L34

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L340

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L284

The function's gas usage grows linearly with the number of collections, exceeding typical Ethereum block gas limits for large inputs.

Impact

Scalability Concerns:

Operations involving 1000 or more collections exceed Ethereum's block gas limit (~30 million gas), making them impossible to complete in a single transaction.
Dos: Users attempting to whitelist a large number of addresses might cause transactions to fail, potentially locking up contract functionality.
Operational Efficiency:
- High gas costs deter users from interacting with the contract and may render it impractical for production environments.

Poc:

The test function testWhiteListGasConsumption0 simulates adding 100, 500, and 1000 addresses to the whitelist. if we input 2000 addresses we encounter EvmError: OutOfGas.
Gas Measurement: It measures the gas consumed for each batch size, demonstrating the linear increase in consumption.
Outcome: The test highlights how processing larger batches quickly becomes impractical due to high gas costs and potential transaction failures.

function testWhiteListGasConsumption0() public {

// Set hypothetical gas price for the test

vm.txGasPrice(1);

uint256 numCollections1 = 100;

address[] memory collections1 = new address[](numCollections1);

for (uint256 i = 0; i < numCollections1; i++) {

collections1[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));

}

uint256 gasBefore1 = gasleft();

for (uint256 i = 0; i < numCollections1; i++) {

IStarklane(bridge).whiteList(collections1[i], true);

}

uint256 gasAfter1 = gasleft();

uint256 gasUsed1 = (gasBefore1 - gasAfter1) * tx.gasprice;

uint256 numCollections2 = 500;

address[] memory collections2 = new address[](numCollections2);

for (uint256 i = 0; i < numCollections2; i++) {

collections2[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));

}

uint256 gasBefore2 = gasleft();

for (uint256 i = 0; i < numCollections2; i++) {

IStarklane(bridge).whiteList(collections2[i], true);

}

uint256 gasAfter2 = gasleft();

uint256 gasUsed2 = (gasBefore2 - gasAfter2) * tx.gasprice;

// Test with a larger number of collections

uint256 numCollections3 = 1000;

address[] memory collections3 = new address[](numCollections3);

for (uint256 i = 0; i < numCollections3; i++) {

collections3[i] = address(uint160(uint256(keccak256(abi.encodePacked(i)))));

}

uint256 gasBefore3 = gasleft();

for (uint256 i = 0; i < numCollections3; i++) {

IStarklane(bridge).whiteList(collections3[i], true);

}

uint256 gasAfter3 = gasleft();

uint256 gasUsed3 = (gasBefore3 - gasAfter3) * tx.gasprice;

console.log("Gas used with 100 collections: ", gasUsed1);

console.log("Gas used with 500 collections: ", gasUsed2);

console.log("Gas used with 1000 collections: ", gasUsed3); // Adjust based on capacity

}

Tools Used

Manual review

Recommendations

Batch Processing: Implement batch processing with limits on the number of addresses per transaction to manage gas consumption better.
Limits: Consider setting explicit limits on how many collections can be whitelisted in a single call.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid-unwhitelist-on-L1-do-not-pop-from-array

LightChaser: Low-19, Gas-10

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.