Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Potential Vulnerabilities in fundFlowController.sol `_sortIndexesDescending()` function

Summary:

Inefficiency (Bubble Sort): The function uses Bubble Sort, which has a time complexity of O(n^2). For large arrays this can be very gas-intensive and might even exceed the block gas limit.

Vulnerability Details:

function _sortIndexesDescending(
    uint256[] memory _values
) internal pure returns (uint256[] memory) {
    uint256 n = _values.length;
    // Index array, initialised to 0..n-1, which is permuted alongside _values
    uint256[] memory indexes = new uint256[](n);
    for (uint256 i = 0; i < n; ++i) {
        indexes[i] = i;
    }
    // Bubble sort: every pass compares adjacent pairs, so O(n^2) comparisons
    // and swaps; both _values and indexes are swapped in place
    for (uint256 i = 0; i < n - 1; ++i) {
        for (uint256 j = 0; j < n - i - 1; ++j) {
            if (_values[j] < _values[j + 1]) {
                (_values[j], _values[j + 1]) = (_values[j + 1], _values[j]);
                (indexes[j], indexes[j + 1]) = (indexes[j + 1], indexes[j]);
            }
        }
    }
    return indexes;
}

Impact:

Sorting algorithms with O(n^2) complexity are expensive in gas on the Ethereum Virtual Machine (EVM), especially for large arrays: the cost of sorting a large array of uint256 grows quickly with its length. This might cause the function to run out of gas and fail.

Tools Used:

Recommendations:

  1. Replace the bubble sort with a more efficient algorithm such as QuickSort or Merge Sort, which have average time complexities of O(n log n).

  2. Reduce unnecessary loops and use gas-efficient libraries for sorting (e.g., OpenZeppelin's SafeMath utilities or other efficient algorithms).
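As an added illustration of recommendation 1 (not Stakelink's code), the following hypothetical library sorts the index array with a bottom-up merge sort in O(n log n) comparisons while producing the same stable descending order as the bubble sort above; unlike the original it does not reorder `_values` in place.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @notice Hypothetical replacement (not Stakelink's code): returns the indexes of
/// `_values` ordered by descending value using a bottom-up merge sort, O(n log n)
/// comparisons instead of the bubble sort's O(n^2). `_values` is left untouched.
library DescendingIndexSort {
    function sortIndexesDescending(uint256[] memory _values)
        internal
        pure
        returns (uint256[] memory indexes)
    {
        uint256 n = _values.length;
        indexes = new uint256[](n);
        for (uint256 i = 0; i < n; ++i) indexes[i] = i;
        // Nothing to merge for 0 or 1 elements; returning early also avoids the
        // `n - 1` underflow (a revert under 0.8 checked math) on an empty array.
        if (n < 2) return indexes;

        uint256[] memory buf = new uint256[](n);
        // Merge sorted runs of width 1, 2, 4, ...: log2(n) passes of O(n) work.
        for (uint256 width = 1; width < n; width *= 2) {
            for (uint256 lo = 0; lo + width < n; lo += 2 * width) {
                uint256 mid = lo + width;
                uint256 hi = mid + width < n ? mid + width : n;
                uint256 i = lo;
                uint256 j = mid;
                uint256 k = lo;
                while (i < mid && j < hi) {
                    // `>=` takes the left run on ties, keeping the sort stable
                    // (equal values keep their original index order, as bubble sort does).
                    if (_values[indexes[i]] >= _values[indexes[j]]) buf[k++] = indexes[i++];
                    else buf[k++] = indexes[j++];
                }
                while (i < mid) buf[k++] = indexes[i++];
                while (j < hi) buf[k++] = indexes[j++];
                for (i = lo; i < hi; ++i) indexes[i] = buf[i]; // copy merged run back
            }
        }
    }
}
```

For short arrays the extra buffer and copy-back can cost more gas than the bubble sort it replaces, so measure both with a Hardhat gas report before adopting it.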

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
