Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Valid

Denial of Service Risk in `claimAllRewards` Function

Summary

The claimAllRewards function loops over every reward a user owns, so if a user has accumulated too many rewards the loop can run indefinitely from the caller's perspective or consume excessive gas. The function then cannot complete and the transaction fails.

Vulnerability Details

The claimAllRewards function iterates over the entire rewardsOwned array for a user to calculate the total value of rewards. If a user has accumulated a large number of rewards, this loop could consume excessive gas, potentially exceeding the block gas limit.

```solidity
function claimAllRewards() public {
    uint256 totalValue = 0;
    // @> loop length is bounded only by how many rewards the caller has accumulated
    for (uint256 i = 0; i < rewardsOwned[msg.sender].length; i++) {
        totalValue += rewardsOwned[msg.sender][i].value;
    }
    require(totalValue > 0, "No rewards to claim");
    (bool success,) = payable(msg.sender).call{value: totalValue}("");
    require(success, "Transfer failed");
    delete rewardsOwned[msg.sender];
}
```

Impact

The potential consequences of a gas-exhausting loop are: users may be unable to execute certain functions, such as claiming rewards or otherwise interacting with the contract, because the gas limit is reached while iterating over the array. In the case of reward claims, users could have their funds locked in the contract if the claim function fails with an out-of-gas error.
The contract may become unusable if critical functions cannot be executed because the arrays involved have grown too large. This effectively amounts to a Denial of Service (DoS), where users are unable to interact with the contract as intended.

Tools Used

Manual Review

Recommendations

Allow users to claim rewards in batches to avoid excessive gas usage in a single transaction.
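One way to implement the batched claim, as an added example that is not part of the submission or the Mystery Box code base; the contract name `BatchedRewards`, the function `claimRewards(uint256 maxCount)`, the `addReward` helper and the `Reward` struct layout are assumptions made for the illustration (the original only shows that each reward has a `value` field):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract illustrating a bounded claim; not the Mystery Box code.
contract BatchedRewards {
    // Assumed struct layout; the finding only relies on the `value` field.
    struct Reward {
        string name;
        uint256 value;
    }

    mapping(address => Reward[]) public rewardsOwned;

    // Lets the contract hold the ETH that backs the rewards.
    receive() external payable {}

    // Test helper so a user can accumulate rewards; access control omitted for brevity.
    function addReward(address user, string memory name, uint256 value) external {
        rewardsOwned[user].push(Reward(name, value));
    }

    // Claims at most `maxCount` rewards per call. Rewards are consumed from the
    // end of the array with pop(), so no elements are shifted and each call does
    // a bounded amount of work; leftover rewards are claimed in a later call.
    function claimRewards(uint256 maxCount) external {
        Reward[] storage rewards = rewardsOwned[msg.sender];
        uint256 len = rewards.length;
        require(len > 0, "No rewards to claim");
        require(maxCount > 0, "maxCount must be positive");

        uint256 count = maxCount < len ? maxCount : len;
        uint256 totalValue = 0;

        // State is reduced inside the loop, before any ETH leaves the contract.
        for (uint256 i = 0; i < count; i++) {
            totalValue += rewards[rewards.length - 1].value;
            rewards.pop();
        }

        require(totalValue > 0, "No rewards to claim");
        (bool success,) = payable(msg.sender).call{value: totalValue}("");
        require(success, "Transfer failed");
    }

    function remainingRewards(address user) external view returns (uint256) {
        return rewardsOwned[user].length;
    }
}
```

A caller holding 10,000 rewards would call `claimRewards(500)` twenty times instead of relying on one transaction that may not fit in a block.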

Updates

Appeal created

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Gas Limit Exhaustion in `claimAllRewards` Function
