The whiteList function in the Starklane contract exhibits significant gas consumption as the number of collections increases. This behavior poses scalability challenges and a potential denial of service (DoS) risk, particularly when processing large batches of addresses.
The function's gas usage grows linearly with the number of collections and exceeds the typical Ethereum block gas limit for large inputs.
Scalability Concerns:
Operations involving 1000 or more collections exceed Ethereum's block gas limit (~30 million gas), so they cannot complete in a single transaction.
DoS: Users attempting to whitelist a large number of addresses can cause transactions to fail, potentially locking up contract functionality.
Operational Efficiency:
High gas costs deter users from interacting with the contract and may render it impractical for production environments.
PoC:
The test function testWhiteListGasConsumption0 simulates adding 100, 500, and 1000 addresses to the whitelist. If 2000 addresses are supplied, the call fails with EvmError: OutOfGas.
Gas Measurement: The test measures the gas consumed for each batch size, demonstrating the linear increase in consumption.
Outcome: The test shows how processing larger batches quickly becomes impractical because of high gas costs and transaction failures.
Tools Used
Manual review
Recommended Mitigation:
Batch Processing: Implement batch processing with a limit on the number of addresses per transaction so that gas consumption stays bounded.
Limits: Set an explicit limit on how many collections can be whitelisted in a single call.
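One way to enforce such a per-call ceiling, as an added illustration rather than Starklane's own code; the contract name, the MAX_BATCH value, the owner check and the paginated getter are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative whitelist with a bounded batch size (added example, not Starklane's code).
contract BoundedWhitelist {
    // Assumed per-call ceiling; tune it against the target chain's block gas limit
    // so that MAX_BATCH additions stay well under one block of gas.
    uint256 public constant MAX_BATCH = 200;

    address public immutable owner;
    mapping(address => bool) public whitelisted;
    address[] private _collections; // enumerable copy, one push per new entry

    event WhitelistUpdated(address indexed collection, bool enabled);
    error NotOwner();
    error BatchTooLarge(uint256 given, uint256 max);

    constructor() {
        owner = msg.sender;
    }

    // Adds at most MAX_BATCH collections per transaction. Callers with larger
    // inputs split them client-side, so no single call can approach the block limit.
    function whiteListBatch(address[] calldata collections) external {
        if (msg.sender != owner) revert NotOwner();
        uint256 n = collections.length;
        if (n > MAX_BATCH) revert BatchTooLarge(n, MAX_BATCH);
        for (uint256 i = 0; i < n; ) {
            address c = collections[i];
            if (!whitelisted[c]) {          // mapping lookup: O(1), no scan of _collections
                whitelisted[c] = true;
                _collections.push(c);
                emit WhitelistUpdated(c, true);
            }
            unchecked { ++i; }
        }
    }

    // Paginated view so off-chain readers never iterate the whole list in one call.
    function collectionsPage(uint256 offset, uint256 limit) external view returns (address[] memory page) {
        uint256 total = _collections.length;
        if (offset >= total) return page;
        uint256 end = offset + limit > total ? total : offset + limit;
        page = new address[](end - offset);
        for (uint256 i = offset; i < end; ++i) {
            page[i - offset] = _collections[i];
        }
    }
}
```

A Foundry test in the style of testWhiteListGasConsumption0 can then confirm that a call with MAX_BATCH + 1 entries reverts with BatchTooLarge instead of running out of gas.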
LightChaser: Low-19, Gas-10