MyCut

First Flight #23
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Valid

[L-1] DoS attack in Constructor of Pot.sol

Description

In the `Pot.sol` constructor two arrays are passed: `players` and `rewards`. They are copied into the state variables `i_players` and `i_rewards`. Assuming the two arrays are of equal length, each player is assigned their reward amount through the `playersToRewards` mapping; the protocol does this with a for loop that copies the data into the mapping.

```solidity
constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {
    i_players = players;
    i_rewards = rewards;
    i_token = token;
    i_totalRewards = totalRewards;
    remainingRewards = totalRewards;
    i_deployedAt = block.timestamp;
    // i_token.transfer(address(this), i_totalRewards);
    // @audit Low - DoS attack. An attacker could enter loads of different addresses as players and cause the protocol to be really gas expensive from the for loop.
@>  for (uint256 i = 0; i < i_players.length; i++) {
        playersToRewards[i_players[i]] = i_rewards[i];
    }
}
```

Impact

When iterating over a list whose length is not bounded, a DoS (Denial of Service) attack becomes possible. An attacker could supply a very large number of distinct addresses and make the array enormous. The gas cost of the loop then becomes unreasonably high and renders the protocol unusable.

Tools Used

Manual Review

Recommended Mitigation

Add a limit to the number of players allowed to participate in each contest.
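The mitigation applied to a trimmed copy of the constructor, as an added illustration rather than the MyCut project's own code. `MAX_PLAYERS`, `Pot__TooManyPlayers` and `Pot__LengthMismatch` are assumed names; the state variable names follow the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Added illustration, not the MyCut code: bound the players array before the
// storage-writing loop runs, so deployment gas has a known upper limit.
contract PotCapped {
    error Pot__LengthMismatch(uint256 players, uint256 rewards);
    error Pot__TooManyPlayers(uint256 given, uint256 max);

    // Assumed bound; choose it from the gas budget a deployment can afford.
    uint256 public constant MAX_PLAYERS = 100;

    address[] private i_players;
    uint256[] private i_rewards;
    IERC20 private immutable i_token;
    uint256 private immutable i_totalRewards;
    uint256 private remainingRewards;
    uint256 private immutable i_deployedAt;
    mapping(address => uint256) private playersToRewards;

    constructor(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards) {
        // Both checks run before any storage write, so bad input reverts cheaply.
        if (players.length != rewards.length) revert Pot__LengthMismatch(players.length, rewards.length);
        if (players.length > MAX_PLAYERS) revert Pot__TooManyPlayers(players.length, MAX_PLAYERS);

        i_players = players;
        i_rewards = rewards;
        i_token = token;
        i_totalRewards = totalRewards;
        remainingRewards = totalRewards;
        i_deployedAt = block.timestamp;

        // At most MAX_PLAYERS iterations; reading the memory arrays instead of
        // the freshly written storage copies also avoids repeated SLOADs.
        for (uint256 i = 0; i < players.length; i++) {
            playersToRewards[players[i]] = rewards[i];
        }
    }

    function rewardOf(address player) external view returns (uint256) {
        return playersToRewards[player];
    }
}
```

A Foundry test that deploys `PotCapped` with `MAX_PLAYERS + 1` addresses and expects `Pot__TooManyPlayers` confirms the bound holds.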

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Unbound for loop in Contest Creation
