President Elector

First Flight #24
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Gas limit DoS due to large number of voters

Summary

The contract contains a vulnerability that can lead to a Denial of Service (DoS) attack. This issue arises due to the contract iterating over a large number of voters in the selectPresident function, which may cause the transaction to run out of gas, preventing the contract from executing as intended.

Vulnerability Details

The vulnerability lies in L68 and L107 of the contract.

As the number of VOTERS is not bounded, running the loops in L68 and L107 of the selectPresident and _selectPresidentRecursive functions respectively would lead to a DoS attack due to excessive gas consumption, causing the function to fail.

Proof Of Concept

  1. Deployer initializes a large number of VOTERS during contract deployment.

  2. When the selectPresident function is executed, it leads to a DoS attack, and the function fails to execute.

Impact

The vulnerability would lead to users not being able to call the selectPresident function successfully.

Tools Used

Foundry, manual review

Recommended Mitigation

To mitigate the vulnerability, the contract can be updated to use a batch voting system where the votes are processed in batches rather than in a single function.
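
A sketch of the batch approach recommended above, added here as an illustration and not taken from the audited contract. It is simplified to one counting round over first choices, and the contract name, `processBatch`, `cursor` and the other identifiers are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Added illustration; every name here is hypothetical, not the audited contract's.
contract BatchedTally {
    address[] private voters;                        // fixed at deployment, may be large
    mapping(address => bool) private isVoter;
    mapping(address => address) private firstChoice; // voter => chosen candidate
    mapping(address => uint256) public tally;        // candidate => counted votes
    uint256 public cursor;                           // index of the next voter to count
    bool public countingStarted;
    address public leader;                           // candidate with most counted votes

    // Assumes the deployer passes a list without duplicates (one-time deployment cost).
    constructor(address[] memory _voters) {
        voters = _voters;
        for (uint256 i = 0; i < _voters.length; ++i) isVoter[_voters[i]] = true;
    }

    function vote(address candidate) external {
        require(isVoter[msg.sender], "not a voter");
        require(!countingStarted, "counting started");
        require(candidate != address(0), "zero candidate");
        firstChoice[msg.sender] = candidate;
    }

    /// Counts at most `maxVoters` ballots per call, so the gas used by one
    /// transaction depends on the batch size and not on voters.length.
    function processBatch(uint256 maxVoters) external returns (bool done) {
        countingStarted = true;                      // freezes ballots while counting
        uint256 remaining = voters.length - cursor;
        uint256 end = cursor + (maxVoters < remaining ? maxVoters : remaining);
        for (uint256 i = cursor; i < end; ++i) {
            address c = firstChoice[voters[i]];
            if (c == address(0)) continue;           // voter abstained
            tally[c] += 1;
            if (tally[c] > tally[leader]) leader = c;
        }
        cursor = end;                                // progress survives across transactions
        return end == voters.length;
    }
}
```

The value in `leader` is final only after `processBatch` has returned `true`; until then it reflects a partial count.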

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] A high number of voters can lead to OOG in selecting the president
