Biconomy: Nexus
Biconomy
HardhatFoundry
30,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Function Call in Loop on Function 'createMultipleConfigs'

juggernaut63

File location:

https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/lib/BootstrapLib.sol#L41-L43

Summary

The 'createMultipleConfigs' function makes 'createSingleConfig' function calls in the loop, which can cause inefficient gas usage and increase the potential for transaction failure due to block gas limitations.

Vulnerability Details

In the 'createMultipleConfigs' function, the 'createSingleConfig' function is called inside the loop for each element in the 'modules' and 'datas' arrays. Each time the function is called, the gas used will increase. In cases where the 'modules' and 'datas' arrays are large, this may cause the transaction to run out of gas or exceed the allowed block gas limit, thereby causing transaction failure.

Impact

  • Transaction failure due to running out of gas.

  • Unnecessary increase in transaction costs.

  • Potential DoS (Denial of Service) attack if an attacker deliberately exploits this weakness by entering very large data.

Tools Used

  • Inspection manual

  • Solidity

  • Foundry

Recommendations

To fix this problem, we can consider several approaches. One way is to avoid calling the 'createSingleConfig' function inside the loop. Because the 'createSingleConfig' function only initializes the 'BootstrapConfig' struct, we can do this directly inside the loop without calling the function.

Code snippet:

L41-L43

for (uint256 i = 0; i < modules.length; i++) {
configs[i] = createSingleConfig(modules[i], datas[i]);
}

Fixed code:

function createMultipleConfigs(address[] memory modules, bytes[] memory datas) public pure returns (BootstrapConfig[] memory configs) {
require(modules.length == datas.length, "BootstrapLib: length mismatch");
configs = new BootstrapConfig[](modules.length);
for (uint256 i = 0; i < modules.length; i++) {
configs[i] = BootstrapConfig({
module: modules[i],
data: datas[i]
});
}
}

Code when testing using Foundry:

library BootstrapLib {
struct BootstrapConfig {
address module;
bytes data;
}
function createSingleConfig(address module, bytes memory data) internal pure returns (BootstrapConfig memory config) {
config = BootstrapConfig({
module: module,
data: data
});
}
function createMultipleConfigs(address[] memory modules, bytes[] memory datas) public pure returns (BootstrapConfig[] memory configs) {
require(modules.length == datas.length, "BootstrapLib: length mismatch");
configs = new BootstrapConfig[](modules.length);
for (uint256 i = 0; i < modules.length; i++) {
configs[i] = BootstrapConfig({
module: modules[i],
data: datas[i]
});
}
}
}

Foundry output:

Ran 2 tests for test/TestBootstrapLib.sol:TestBootstrapLib
[PASS] testCreateMultipleConfigs() (gas: 17419)
[PASS] testCreateMultipleConfigsLengthMismatch() (gas: 12175)
Suite result: ok. 2 passed; 0 failed; 0 skipped; finished in 55.27ms (29.33ms CPU time)

Ran 1 test suite in 110.40ms (55.27ms CPU time): 2 tests passed, 0 failed, 0 skipped (2 total tests)

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

finding-loop-array-length-not-checked

Invalid [known issue [NonCritical-16]](https://github.com/Cyfrin/2024-07-biconomy/issues/1)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.