The gas cost of claimAllRewards depends on the size of the rewards array it loops over, which can cause out-of-gas exceptions or very high gas fees.
The for loop iterates over the rewardsOwned[msg.sender] array, so its gas cost grows with the array's length. If the array grows large, the call can run out of gas or become very expensive.
Functions like claimAllRewards() loop over arrays that could grow very large over time, leading to high gas costs or out-of-gas errors, especially if users accumulate a large number of rewards or boxes. This can cause transactions to fail, resulting in a denial of service for users with many rewards. For example, if a user has hundreds or thousands of rewards, attempting to claim them all in one transaction would exceed the block gas limit, causing the transaction to fail. Users with many rewards may therefore be unable to claim them, which frustrates users and makes the contract less usable, particularly for those with high volumes of rewards.
Manual review.
Avoid looping over large arrays. Consider breaking down reward claiming into smaller actions, such as claiming individual rewards or limiting the size of the array.
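One way to implement the batching recommended above, as an added example that is not code from the audited contract. The Reward struct layout, the ETH payout, the MAX_BATCH cap and the claimRewards name are assumptions; only rewardsOwned[msg.sender] comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: struct layout and payout mechanism are assumed.
contract BatchedRewardClaim {
    struct Reward {
        string name;
        uint256 value; // payout in wei (assumed)
    }

    mapping(address => Reward[]) public rewardsOwned;

    // Hypothetical cap; choose it from measured gas per claimed element.
    uint256 public constant MAX_BATCH = 50;

    event RewardsClaimed(address indexed user, uint256 count, uint256 amount, uint256 remaining);

    /// Claims at most `maxCount` rewards, so gas per call is bounded by
    /// the batch size instead of by the length of the caller's array.
    function claimRewards(uint256 maxCount) external {
        require(maxCount > 0 && maxCount <= MAX_BATCH, "bad batch size");

        Reward[] storage rewards = rewardsOwned[msg.sender];
        uint256 n = rewards.length < maxCount ? rewards.length : maxCount;
        require(n > 0, "no rewards");

        uint256 total;
        for (uint256 i = 0; i < n; i++) {
            // Take from the end: pop() is O(1) and shifts no elements.
            total += rewards[rewards.length - 1].value;
            rewards.pop();
        }

        emit RewardsClaimed(msg.sender, n, total, rewards.length);

        // Storage is already updated, so the external call comes last
        // (checks-effects-interactions).
        if (total > 0) {
            (bool ok, ) = payable(msg.sender).call{value: total}("");
            require(ok, "transfer failed");
        }
    }

    receive() external payable {}
}
```

A user with a long array calls claimRewards repeatedly until the emitted `remaining` reaches zero; each call stays within a predictable gas budget.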