Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unbounded gas consumption in GlobalConfigurationBranch.sol

Jan

Summary

The contract GlobalConfigurationBranch.sol contains a risky loop that iterates over a range of values defined by lowerBound and upperBound in the external function getAccountsWithActivePositions.

Vulnerability Details

There are no input validations to ensure that lowerBound <= upperBound. If lowerBound > upperBound, this can lead to issues because the smart contract creates an array of size upperBound - lowerBound + 1, which could underflow leading to potentially massive gas costs and in the worst-case scenario could result in the contract becoming stuck if it exceeds the block gas limit.

The getAccountsWithActivePositions function also does not include any sanity checks to determine that the provided bounds correspond to valid values within the range of accountsIdsWithActivePositions.

Example

function getAccountsWithActivePositions(

uint256 lowerBound,

uint256 upperBound

)

external

view

returns (uint128[] memory accountsIds)

{

GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();

accountsIds = new uint128[](upperBound - lowerBound + 1);

uint256 index = 0;

for (uint256 i = lowerBound; i <= upperBound; i++) {

accountsIds[index] = uint128(globalConfiguration.accountsIdsWithActivePositions.at(i));

index++;

}

Impact

Any user can call this function with values of lowerBound and upperBound greater than the length of accountsIdsWithActivePositions array or lowerBound > upperBound which can result in invalid/access to out-of-bound array, or underflow.

Tools Used

Manual review

Recommendations

You should validate the provided lower and upper bounds to ensure that they correspond to valid values within accountsIdsWithActivePositions range before initiating the loop. You should also ensure that lowerBound <= upperBound. Incorporating require statements with proper error messages to verify these bounds could help mitigate this issue.

For example,

require(lowerBound <= upperBound, "Invalid Bounds: LowerBound is Greater than UpperBound");

require(upperBound < globalConfiguration.accountsIdsWithActivePositions.length(), "Upperbound Exceeds the Array Length");

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.