The claimSingleReward() function can throw an array out-of-bounds exception if an invalid index is provided, allowing an attacker to exploit this error condition.
The condition in the require statement uses <=, which allows an attacker to pass an index equal to rewardsOwned[msg.sender].length. This results in an attempt to access an index that is out of bounds.
Vulnerable Code Snippet
}
If the attacker uses a malicious contract, or even just their own account, to spam the claimSingleReward() function with invalid indices, the following can happen:
Increased Network Load: Each failed transaction adds load to the network because it still requires the same amount of processing power and resources to validate, even if it fails.
Gas Consumption: Users who attempt to call claimSingleReward() with valid indices may face issues such as increased gas costs due to network congestion caused by failed transactions. They may find that their valid transactions either take longer to process or fail due to gas limits being hit.
Frustration and Trust Erosion: As users repeatedly encounter failures when trying to claim rewards, their frustration could lead to a loss of trust in the contract or project.
While a single user calling claimSingleReward() with an out-of-bounds index does not directly affect the execution of other users' transactions, it can lead to network congestion and frustration for legitimate users trying to interact with the contract. This situation exemplifies a Denial of Service attack because it disrupts normal operations and prevents other users from successfully executing their intended transactions.
Manual Review
Correct the condition in the initial require statement in claimSingleReward(uint256 _index) function to prevent out-of-bounds access by changing <= to <.
As I have shown below:
}
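The off-by-one and its fix side by side, as an added example that is not the audited contract's code: only claimSingleReward() and rewardsOwned are named in the finding, so the Reward struct, the claimed flag, the event and the addReward() seeding helper are assumptions. With `<=`, an index equal to the array length passes the require and the array read reverts with Panic(0x32); with `<`, the same call fails early on the require with a readable reason string.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited contract. Struct layout, the `claimed`
// flag, the event and addReward() are assumptions for illustration.
contract RewardClaimExample {
    struct Reward {
        uint256 amount;
        bool claimed;
    }

    mapping(address => Reward[]) public rewardsOwned;

    event RewardClaimed(address indexed user, uint256 index, uint256 amount);

    // Vulnerable form, kept only to show the off-by-one:
    // `<=` lets _index == rewardsOwned[msg.sender].length pass the check,
    // and the array read on the next line reverts with Panic(0x32).
    function claimSingleRewardVulnerable(uint256 _index) external {
        require(_index <= rewardsOwned[msg.sender].length, "invalid index");
        Reward storage r = rewardsOwned[msg.sender][_index]; // panics when _index == length
        require(!r.claimed, "already claimed");
        r.claimed = true;
        emit RewardClaimed(msg.sender, _index, r.amount);
    }

    // Hardened form: `<` rejects _index == length at the require, so every
    // failure path is an explicit require() with a reason string and the
    // caller never reaches the out-of-bounds read.
    function claimSingleReward(uint256 _index) external {
        require(_index < rewardsOwned[msg.sender].length, "invalid index");
        Reward storage r = rewardsOwned[msg.sender][_index];
        require(!r.claimed, "already claimed");
        r.claimed = true;
        emit RewardClaimed(msg.sender, _index, r.amount);
    }

    // Seeding helper (assumption, unrestricted, for a local test only):
    // push one reward so both paths can be exercised with
    // _index == rewardsOwned[user].length.
    function addReward(address user, uint256 amount) external {
        rewardsOwned[user].push(Reward({amount: amount, claimed: false}));
    }
}
```

In a local test, seed one reward for an address and call both functions with index 1: the vulnerable path reverts with a panic, the hardened path with "invalid index".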