Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Potential Gas Limit Issues with Unbounded Loops

Summary

Some functions contain loops that iterate over arrays without explicit bounds or limits. If the arrays become too large, these loops may consume excessive gas, causing transactions to fail due to reaching the block gas limit.

Vulnerability Details

In CommunityVCS:

    function _deployVaults(uint256 _numVaults) internal {
        bytes memory data = abi.encodeWithSignature(
            "initialize(address,address,address,address)",
            address(token),
            address(this),
            address(stakeController),
            stakeController.getRewardVault()
        );
        for (uint256 i = 0; i < _numVaults; i++) {
            _deployVault(data);
        }
    }

If _numVaults is large, the loop may exceed the gas limit. Similar issues may arise in functions that process large arrays.

Impact

  • Transaction Failures: Users may experience failed transactions due to gas exhaustion.

  • Denial of Service: Critical functions may become unusable if they cannot be executed within the gas limit.

Tools Used

Manual code review.

Recommendations

  • Implement Loop Limits:

    • Set reasonable maximum values for loop iterations.

    • For example, limit _numVaults to a safe number.

  • Batch Processing:

    • Allow operations to be performed in batches, so users can process a manageable number of items per transaction.

  • Off-Chain Computation:

    • Where possible, perform computations off-chain and provide the results on-chain for verification.

  • User Guidance:

    • Document any limitations and provide guidance to users to prevent issues.
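
A sketch of the loop-limit and batch-processing recommendations above, added here as an example; it is not code from the submission or from the Stakelink repository. The contract names, `MAX_PER_CALL` and its value, the `sync()` operation and the cursor `nextToSync` are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for a vault; hypothetical, not the project's contract.
contract Vault {
    uint256 public lastSynced;
    function sync() external { lastSynced = block.timestamp; }
}

contract BoundedVaultManager {
    // Assumed cap; derive the real value from measured gas per iteration.
    uint256 public constant MAX_PER_CALL = 10;

    address public immutable owner;
    Vault[] public vaults;
    uint256 public nextToSync; // cursor: where the next batch resumes

    error NotOwner();
    error BatchTooLarge(uint256 requested, uint256 max);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    // Loop limit: reject oversized requests up front rather than
    // running out of gas partway through the loop.
    function deployVaults(uint256 numVaults) external onlyOwner {
        if (numVaults > MAX_PER_CALL) revert BatchTooLarge(numVaults, MAX_PER_CALL);
        for (uint256 i = 0; i < numVaults; ++i) {
            vaults.push(new Vault());
        }
    }

    // Batch processing: handle at most maxItems vaults per transaction and
    // persist the cursor, so array growth never makes the call unexecutable.
    function syncVaults(uint256 maxItems) external returns (uint256 processed) {
        if (maxItems > MAX_PER_CALL) revert BatchTooLarge(maxItems, MAX_PER_CALL);
        uint256 len = vaults.length;
        uint256 i = nextToSync;
        while (processed < maxItems && i < len) {
            vaults[i].sync();
            ++i;
            ++processed;
        }
        nextToSync = i == len ? 0 : i; // wrap to start after a full pass
    }
}
```

Because the cursor is stored, a full pass over a large vault set takes several transactions, each with a gas cost bounded by `MAX_PER_CALL` rather than by the array length.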

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
