The LSTRewardsSplitterController contract contains a vulnerability that could lead to a DoS. As the number of accounts grows, the gas cost for removing accounts increases, potentially exceeding block gas limits and rendering the function inoperable.
In the LSTRewardsSplitterController contract, the removeSplitter() function is used by the admin to remove accounts and contains a loop that iterates over all accounts when removing one. As the number of accounts grows, the gas cost of this operation increases linearly, potentially exceeding the block gas limit.
LSTRewardsSplitterController.sol#L143-L150
Denial of Service: If the number of accounts grows too large, it may become impossible to remove any accounts due to the function exceeding the block gas limit. This could lead to a complete DoS for this functionality and for checkUpkeep() / performUpkeep().
Set a maximum limit on the number of accounts: Prevent the list from growing beyond a size that can be safely managed within gas limits.
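As an added illustration (not the stake.link contract code, whose lines are only referenced above): a sketch of the unbounded removal loop the finding describes, followed by a variant that enforces the recommended cap and, going one step further, removes an account in constant gas through an index mapping. The contract names and the cap value are assumptions; access control is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative sketch (not the stake.link contract): the unbounded removal
// loop described in the finding, beside a bounded, constant-gas variant.
contract SplitterRegistryBefore {
    address[] public accounts;
    function addSplitter(address _account) external {
        accounts.push(_account);
    }
    // Gas grows linearly with accounts.length: a scan to find the entry,
    // then shifting every later element down by one storage slot.
    function removeSplitter(address _account) external {
        uint256 len = accounts.length;
        for (uint256 i = 0; i < len; ++i) {
            if (accounts[i] == _account) {
                for (uint256 j = i; j < len - 1; ++j) {
                    accounts[j] = accounts[j + 1];
                }
                accounts.pop();
                return;
            }
        }
        revert("not found");
    }
}
contract SplitterRegistryAfter {
    uint256 public constant MAX_ACCOUNTS = 100; // assumed cap; size it to the upkeep gas budget
    address[] public accounts;
    mapping(address => uint256) private indexPlusOne; // 0 means "not present"
    function addSplitter(address _account) external {
        require(accounts.length < MAX_ACCOUNTS, "max accounts reached");
        require(indexPlusOne[_account] == 0, "already added");
        accounts.push(_account);
        indexPlusOne[_account] = accounts.length;
    }
    // Swap-and-pop: constant gas regardless of list size, so the admin
    // can always remove an account and upkeep stays within the block limit.
    function removeSplitter(address _account) external {
        uint256 idx = indexPlusOne[_account];
        require(idx != 0, "not found");
        uint256 last = accounts.length - 1;
        address lastAccount = accounts[last];
        accounts[idx - 1] = lastAccount;   // move tail entry into the freed slot
        indexPlusOne[lastAccount] = idx;   // keep its index in sync
        accounts.pop();
        delete indexPlusOne[_account];     // cleared last so the self-removal case is correct
    }
}
```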