President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Functions with large loops involving big array could exceed the gas limit and fail during execution

soupy

Summary

As the contract is related to the President election, the VOTERS is expected to be a hugh list. Functions that iterate over the VOTERS array, such as selectPresident, will become very slow, having higher gas costs due to the need to loop through potentially large arrays, and eventually could exceed the gas limit and fail during execution. This could make the contract operations prohibitively expensive and affect the usability of the contract.

Ref Line of Code:
https://github.com/Cyfrin/2024-09-president-elector/blob/fccb8e2b6a32404b4664fa001faa334f258b4947/src/RankedChoice.sol#L68

https://github.com/Cyfrin/2024-09-president-elector/blob/fccb8e2b6a32404b4664fa001faa334f258b4947/src/RankedChoice.sol#L107

https://github.com/Cyfrin/2024-09-president-elector/blob/fccb8e2b6a32404b4664fa001faa334f258b4947/src/RankedChoice.sol#L167

Vulnerability Details

The Ethereum blockchain has a block gas limit, which imposes a maximum gas usage per block. Large operations involving big arrays might exceed this limit, resulting in failed transactions and inability to execute critical functions. As the contract is related to US-President election, the VOTERS list is in certain a giant list of voter addresses.

Operations such as checking if an address is in the VOTERS array or managing large arrays can be inefficient with respect to gas usage. The complexity of iterating over a large array such as the selectPresident function could lead to higher computational costs, potential delays, performance issue and fail eventually due to hitting the maximum gas limit.

Impact

Gas limit exceeded resulting in failed transactions and inability to execute critical functions

Tools Used

Manual review

Recommendations

Consider implement the followings to mitigate the impact due to the use of large VOTERS array:

Use mapping : Instead of storing large array, consider using mappings for efficient lookups and management. For instance, use a mapping to check if an address is a voter, on top of the current mapping to manage their rankings.
Paginate data: Consider breaking down large data into manageable chunks or using pagination techniques to handle large voter list more efficiently.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[INVALID] A high number of voters can lead to OOG in selecting the president

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.