Mystery Box

First Flight #25
Beginner Friendly, Foundry
Submission Details
Severity: low
Valid

[L-1] `claimAllRewards()` - potentially DoS

Summary

The `claimAllRewards()` function may become unusable if the user's `Reward[]` array in the `rewardsOwned` mapping is too large.

Vulnerability Details

When the `Reward[]` array in `rewardsOwned` becomes too large, the user will not be able to withdraw their rewards using the `claimAllRewards()` function, because the call exceeds the block gas limit.

```solidity
function claimAllRewards() public {
    uint256 totalValue = 0;
    // Unbounded loop: one iteration per reward the caller owns.
    for (uint256 i = 0; i < rewardsOwned[msg.sender].length; i++) {
        totalValue += rewardsOwned[msg.sender][i].value;
    }
    require(totalValue > 0, "No rewards to claim");
    (bool success,) = payable(msg.sender).call{value: totalValue}("");
    require(success, "Transfer failed");
    // Clears the whole array in the same transaction.
    delete rewardsOwned[msg.sender];
}
```

The loop updates `totalValue` once per array element, so the amount of computation grows with the length of the array and can become too large.

Impact

The user cannot withdraw their rewards. Such a situation will be rare, since it requires a very large array.

Tools Used

Manual code review.

Recommendations

Split the withdrawal of rewards into parts and set a time limit for `claimAllRewards()`.
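
One way to split the withdrawal into parts, as an added example that is not code from the audited project or from this submission. The contract name, `addReward()` and `claimRewardsBatch()` are hypothetical, and `Reward` is reduced to the one field visible in the snippet above; the time-limit part of the recommendation is not covered.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: minimal stand-in for the contest contract, reduced to the
// state that claimAllRewards() touches. All names except rewardsOwned,
// Reward and value are assumptions.
contract BatchedRewardsSketch {
    struct Reward {
        uint256 value; // only the field shown on the page
    }

    mapping(address => Reward[]) public rewardsOwned;

    // Accept ETH so that the contract can pay rewards out.
    receive() external payable {}

    // Hypothetical helper that stands in for however rewards are granted.
    function addReward(address user, uint256 value) external {
        rewardsOwned[user].push(Reward(value));
    }

    // Claims at most maxCount rewards, taken from the end of the array.
    // Gas per call is bounded by maxCount, not by the array length, so a
    // long array is drained over several transactions.
    function claimRewardsBatch(uint256 maxCount) external {
        Reward[] storage rewards = rewardsOwned[msg.sender];
        uint256 count = rewards.length < maxCount ? rewards.length : maxCount;
        require(count > 0, "No rewards to claim");

        uint256 totalValue = 0;
        for (uint256 i = 0; i < count; i++) {
            totalValue += rewards[rewards.length - 1].value;
            rewards.pop(); // entry is removed before any ETH is sent
        }

        // A batch made only of zero-value rewards is cleared without
        // reverting, so it cannot block the entries stored before it.
        if (totalValue > 0) {
            (bool success,) = payable(msg.sender).call{value: totalValue}("");
            require(success, "Transfer failed");
        }
    }
}
```

The caller picks `maxCount` small enough that one batch fits comfortably in a block and repeats the call until the array is empty.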

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Gas Limit Exhaustion in `claimAllRewards` Function
