ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unbounded Loop in Whitelist Management Function

agent3bood

Summary

The _whiteListCollection function in the smart contract contains an unbounded loop that iterates over the entire _collections array. This design could lead to excessive gas consumption or even function failure due to block gas limits, especially as the number of whitelisted collections grows.

Vulnerability Details

The vulnerable code is located in the _whiteListCollection function:

https://github.com/Cyfrin/2024-07-ark-project/blob/8f4f71d8b6487c316334a7e427f888cda01c8cff/apps/blockchain/ethereum/src/Bridge.sol#L340

The function iterates through the entire _collections array to check if the collection already exists before adding it. As the number of collections grows, this operation becomes increasingly expensive in terms of gas consumption.

Impact

Gas Limit Exceeded: For a large number of collections, the function may exceed the block gas limit, preventing any further additions to the whitelist.
Denial of Service: The contract could become unusable for whitelist management operations if the gas cost becomes prohibitively high.
Increased Costs: Even when successful, the operation becomes increasingly expensive for users as the list grows.

Tools Used

Manual code review

Recommendations

Use OpenZeppelin's EnumerableSet library: OpenZeppelin provides an efficient implementation for enumerable sets, which is ideal for this use case. Replace the current implementation with EnumerableSet.AddressSet. This will provide efficient add, remove, and enumeration operations.

PoC

// SPDX-License-Identifier: GPL-3.0

pragma solidity ^0.8.0;

contract ArrBig {

address[] _collections = new address[](10000);

mapping(address => bool) _whiteList;

function whiteList(address collection, bool enable) external {

_whiteListCollection(collection, enable);

}

function _whiteListCollection(address collection, bool enable) internal {

if (enable && !_whiteList[collection]) {

bool toAdd = true;

uint256 i = 0;

while(i < _collections.length) {

if (collection == _collections[i]) {

toAdd = false;

break;

}

i++;

}

if (toAdd) {

_collections.push(collection);

}

_whiteList[collection] = enable;

}

/**

input data

0x5B38Da6a701c568545dCfcB03FcB875f56beddC4,true

size -> cost

0 -> 10_2672

100 -> 33_4980

1000 -> 3_105_207

500 -> 1_594_107

10_000 -> 30_305_007 // above block gas limit

**/

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid-unwhitelist-on-L1-do-not-pop-from-array

LightChaser: Low-19, Gas-10

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.