Submission Details
Severity:
Possible dos because of long array
Summary
claimants is stored with one array. If one contest has lots of players, we may have one long claimants array. This will cause closing pot reverted because of out of gas.
Vulnerability Details
When we close the pot, we will transfer one part of remaining rewards to all claimants.
The problem is that we may have one large claimants array. This could cause the long array loop reverted because of out of gas.
function closePot() external onlyOwner {
if (block.timestamp - i_deployedAt < 90 days) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
@> for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Impact
Pot cannot be closed and remaining rewards will be locked in pot.
Tools Used
Manual
Recommendations
Record the distribution amount, and add another claim function to let users claim this distribution funds themselves.
Updates
Lead Judging Commences
equious about 1 year ago
Submission Judgement Published Assigned finding tags:
Unbound loop in closePot
Rewards breakdown
nSLOC
106This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.