President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Potential Denial of Service (DoS) via Large Candidate Lists

a1111198

Summary

The selectPresident function aggregates all candidates from voters' submissions, potentially leading to an extremely large s_candidateList. If voters submit ballots with numerous unique candidates, it could cause the function to exceed the block gas limit, resulting in a Denial of Service (DoS) where the election cannot be completed.

Vulnerability Details

Affected Function: selectPresident
Issue Explanation:
- Unbounded Loop: The function iterates over VOTERS and their orderedCandidates, adding new candidates to s_candidateList without limits.
- Gas Limit Exceeded: With enough unique candidates, the gas required to execute the function could surpass the block gas limit.
- DoS Scenario: If the function cannot complete due to gas constraints, the election process halts.

Impact

Severity: High

Election Halt: The president cannot be selected, effectively stopping the election process.
System Vulnerability: Malicious actors can intentionally cause this condition to disrupt governance.
Resource Exhaustion: Excessive gas consumption leads to increased costs for users and potential network strain.

Tools Used

Manual Code Review: Identified loops with potential for unbounded iteration.

Recommendations

Limit Candidate Entries:
- Max Candidates Per Voter: Enforce a maximum number of candidates each voter can submit.
  
  uint256 private constant MAX_CANDIDATES_PER_VOTER = 10;
  require(orderedCandidates.length <= MAX_CANDIDATES_PER_VOTER, "Too many candidates");
Track Unique Candidates Efficiently:
- Use Mappings: Replace array searches with mappings to efficiently check for existing candidates.
  
  mapping(address => bool) private candidateExists;
- Avoid Nested Loops: Refactor the code to eliminate or minimize nested looping structures.
Process Candidates Off-Chain:
- Perform candidate aggregation off-chain and submit a compressed list to the contract.
Implement Batching:
- If the list is too large, process candidates in batches over multiple transactions.
Set Gas Limits:
- Include checks to ensure the function does not proceed if gas consumption is approaching limits.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

A high number of candidates could cause an OOG

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.