Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

Unbounded Loop

Summary

Functions like getOfferInfo may potentially loop through larger data sets if not properly bounded.

Vulnerability Details

A malicious actor could cause the contract to run out of gas by creating large data sets, resulting in denial of service.

Impact

The contract could run out of gas due to large data sets, resulting in a DoS attack.

Tools Used

Manual review

CODE SNIPPET

    function getOfferInfo(
        address _offer
    )
        internal
        view
        returns (
            OfferInfo memory offerInfo,
            MakerInfo memory makerInfo,
            MarketPlaceInfo memory marketPlaceInfo,
            MarketPlaceStatus status
        )
    {
        // Resolve the markets and system-config contracts from the factory
        IPerMarkets perMarkets = tadleFactory.getPerMarkets();
        ISystemConfig systemConfig = tadleFactory.getSystemConfig();
        // Look up the offer, then its maker, then the maker's marketplace
        offerInfo = perMarkets.getOfferInfo(_offer);
        makerInfo = perMarkets.getMakerInfo(offerInfo.maker);
        marketPlaceInfo = systemConfig.getMarketPlaceInfo(
            makerInfo.marketPlace
        );
        // Derive the marketplace status from the current block time
        status = MarketPlaceLibraries.getMarketPlaceStatus(
            block.timestamp,
            marketPlaceInfo
        );
    }

Recommendations

Ensure that loops and data operations are bounded and gas-efficient. Consider using pagination or batching techniques for large data sets. For example:

    for (uint256 i = 0; i < MAX_OFFERS; i++) {
        ...
    }

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
