Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

tokens array can exceed the block gas limit

0xkrkba

Summary

Vulnerability Details

in TokenManager::updateTokenWhiteListed

function updateTokenWhiteListed(
address[] calldata _tokens,
bool _isWhiteListed
) external onlyOwner {
uint256 _tokensLength = _tokens.length;
for (uint256 i = 0; i < _tokensLength; ) {
_updateTokenWhiteListed(_tokens[i], _isWhiteListed);
unchecked {
++i;
}
}
}

if the Owner try to whitLlist large amount of tokens at one call, this can exceed the block gas limit .

Impact

exceed the block gas limit

Tools Used

Recommendations

you can do estimation about how it cost to whitelist a token and make sure the number of _tokens will not be more than that by adding require _tokensLength < your calc result.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-Admin-Errors-Malicious

The following issues and its duplicates are invalid as admin errors/input validation/malicious intents are1 generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumption of the code based on their actions, and

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.