In the StakingPool.sol contract, the updateStrategyRewards function at line 343 presents two significant risks: a potential Denial of Service (DoS) through gas limit exhaustion, and repeated receiver entries being processed multiple times. If _strategyIdxs is large, or the strategies return substantial arrays of receivers and fee amounts, this function could consume excessive gas, potentially making it too costly to execute. Additionally, processing the same receiver multiple times across different strategies may result in unintended behaviour.
DoS Attack via Gas Limit Exhaustion:
If the array _strategyIdxs contains a large number of entries, or if the strategies involve many receivers and fees, the function could run out of gas. This could prevent the function from being executed, effectively causing a Denial of Service (DoS) in which users are unable to update rewards, affecting the proper functioning of the staking pool.
Limit Array Size and Inputs:
Set a maximum limit on the size of the _strategyIdxs array and impose a reasonable limit on the size of the receiver and fee arrays returned by strategies. This will help ensure that the function operates within the gas limits.
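The following is an added illustration of the recommended mitigation, not code from StakingPool.sol: a bounded rewards update that rejects oversized _strategyIdxs and receiver arrays before any work is done, requires strictly ascending strategy indices so a strategy cannot be passed twice in one call, and accumulates fees per receiver in a mapping so a receiver appearing in several strategies is credited additively rather than overwritten. The IStrategy interface, getPendingFees, the cap values and the contract name are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical strategy interface assumed for this illustration (not the project's ABI).
interface IStrategy {
    // Returns the receivers owed fees and the matching fee amounts.
    function getPendingFees() external view returns (address[] memory receivers, uint256[] memory amounts);
}

contract BoundedRewardUpdater {
    // Assumed caps; tune them to measured gas costs of the real strategies.
    uint256 public constant MAX_STRATEGIES_PER_CALL = 20;
    uint256 public constant MAX_RECEIVERS_PER_STRATEGY = 50;

    IStrategy[] public strategies;
    mapping(address => uint256) public owed; // accumulated fee balance per receiver

    constructor(IStrategy[] memory _strategies) {
        strategies = _strategies;
    }

    // Bounded variant of the rewards update.
    function updateStrategyRewards(uint256[] calldata _strategyIdxs) external {
        // Cap the outer loop so one call can never exceed a predictable gas budget.
        require(_strategyIdxs.length <= MAX_STRATEGIES_PER_CALL, "too many strategies");

        for (uint256 i = 0; i < _strategyIdxs.length; ++i) {
            uint256 idx = _strategyIdxs[i];
            require(idx < strategies.length, "bad strategy index");
            // Strictly ascending indices: cheap way to reject duplicate strategies in one call.
            if (i > 0) {
                require(idx > _strategyIdxs[i - 1], "indices must be strictly ascending");
            }

            (address[] memory receivers, uint256[] memory amounts) = strategies[idx].getPendingFees();
            require(receivers.length == amounts.length, "length mismatch");
            // Cap the inner loop as well; a strategy returning a huge array cannot block the call.
            require(receivers.length <= MAX_RECEIVERS_PER_STRATEGY, "too many receivers");

            for (uint256 j = 0; j < receivers.length; ++j) {
                // Additive credit: a receiver listed by several strategies keeps every amount.
                owed[receivers[j]] += amounts[j];
            }
        }
    }
}
```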