MyCut

First Flight #23
Submission Details
Severity: high
Valid

Unbounded Loops in Pot Contract Can Fail Transactions

Summary

The Pot.sol contract contains multiple functions that utilize unbounded loops, specifically within the constructor and closePot functions.

Vulnerability Details

These loops iterate over arrays such as players and claimants without any restrictions on their length. Given that Ethereum transactions are subject to a maximum gas limit, processing excessively large arrays can cause the transaction to fail if the required gas exceeds this limit.

Affected Code:

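constructor(...) {
    // Loops over every entry of i_players; nothing caps the array length.
    for (uint256 i = 0; i < i_players.length; i++) {
        playersToRewards[i_players[i]] = i_rewards[i];
    }
}

function closePot() external onlyOwner {
    // Loops over every claimant; nothing caps claimants.length.
    for (uint256 i = 0; i < claimants.length; i++) {
        _transferReward(claimants[i], claimantCut);
    }
}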

Impact

If these arrays are too large, the gas required for the transaction may exceed Ethereum’s block gas limit, causing the transaction to fail. This risk is particularly concerning for users attempting to create a contest or close a contest, leading to failed transactions and wasted gas fees.

Tools Used

Manual review

Recommendations

Introduce a maximum allowable length for arrays such as players and claimants. This will prevent users from submitting excessively large arrays that could cause transactions to fail by exceeding the gas limit. The maximum array length should be determined based on the typical gas consumption of these loops and the current block gas limit.
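
One way to apply this recommendation, as an added example that is not the MyCut Pot.sol source: the cap is enforced once in the constructor, and because each player can claim only once, claimants.length inherits the same bound in closePot. MAX_PLAYERS and its value, the error names, claim(), paidAtClose and the claimantCut parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's contract. Names other than
// playersToRewards, claimants, claimantCut and closePot are hypothetical.
contract BoundedPot {
    // Assumed cap: derive the real value from the measured gas cost of one
    // loop iteration and the block gas limit, with headroom.
    uint256 public constant MAX_PLAYERS = 100;

    error TooManyPlayers(uint256 given, uint256 max);
    error LengthMismatch(uint256 players, uint256 rewards);
    error NotOwner();
    error NothingToClaim();

    address public immutable owner;
    address[] public claimants;
    mapping(address => uint256) public playersToRewards;
    mapping(address => uint256) public paidAtClose; // stand-in for token transfers

    constructor(address[] memory players, uint256[] memory rewards) {
        // Reject oversized or mismatched input before doing any per-player work.
        if (players.length > MAX_PLAYERS) revert TooManyPlayers(players.length, MAX_PLAYERS);
        if (players.length != rewards.length) revert LengthMismatch(players.length, rewards.length);
        owner = msg.sender;
        for (uint256 i = 0; i < players.length; i++) {
            playersToRewards[players[i]] = rewards[i];
        }
    }

    function claim() external {
        uint256 reward = playersToRewards[msg.sender];
        if (reward == 0) revert NothingToClaim();
        playersToRewards[msg.sender] = 0; // one claim per player
        claimants.push(msg.sender);       // so claimants.length <= MAX_PLAYERS
    }

    function closePot(uint256 claimantCut) external {
        if (msg.sender != owner) revert NotOwner();
        uint256 n = claimants.length; // bounded by MAX_PLAYERS via claim()
        for (uint256 i = 0; i < n; i++) {
            paidAtClose[claimants[i]] += claimantCut; // stand-in for _transferReward
        }
    }
}
```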

Updates

Lead Judging Commences

equious Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unbound for loop in Contest Creation

Unbound loop in closePot
