Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Unbounded Loop in StrategyManager::getStrategyDepositRoom leads to potential DoS

Summary

The StrategyManager contract contains an unbounded loop in its getStrategyDepositRoom function. As the number of strategies increases, this function may exceed the block gas limit or become too expensive to call. It is generally not a good practice to iterate through an unbounded loop.

Vulnerability Details

The getStrategyDepositRoom function iterates through all strategies stored in the strategies array to calculate the total deposit room. However, the number of strategies could grow to a point where the gas cost of this operation becomes expensive or exceeds the block gas limit.

Impact

1. The getStrategyDepositRoom function may become too gas-intensive to call, preventing users from getting accurate deposit room information.

2. If other critical functions rely on getStrategyDepositRoom, they may also become unusable.

Tools Used

Manual Review

Recommendations

1. Implement a caching mechanism to store the total deposit room and update it periodically or when strategies are added/removed, rather than calculating it on every call.

2. Implement a maximum batch size for processing strategies in a single transaction.

3. Consider using a more gas-efficient data structure for storing and accessing strategies, such as a mapping with a separate array for keys.
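Recommendation 2 can be sketched as a paginated view, shown here as an added example that is not taken from the Stakelink code base or from the submission. The contract name, the IStrategy interface with canDeposit(), the owner check and the MAX_BATCH value are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed strategy interface: the page does not show the real one.
interface IStrategy {
    function canDeposit() external view returns (uint256);
}

// Illustrative contract, not the audited StrategyManager.
contract BoundedStrategyManager {
    // Constructed value: upper bound on strategies read in one call.
    uint256 public constant MAX_BATCH = 25;

    address public immutable owner;
    IStrategy[] private strategies;

    error NotOwner();
    error BatchTooLarge(uint256 requested, uint256 max);

    constructor() {
        owner = msg.sender;
    }

    function addStrategy(IStrategy strategy) external {
        if (msg.sender != owner) revert NotOwner();
        strategies.push(strategy);
    }

    function strategyCount() external view returns (uint256) {
        return strategies.length;
    }

    // Sums deposit room over strategies[start, start + count), clamped to the
    // end of the array. `next` is the index to resume from; next == length
    // means every strategy has been covered.
    function getStrategyDepositRoom(uint256 start, uint256 count)
        external
        view
        returns (uint256 room, uint256 next)
    {
        if (count > MAX_BATCH) revert BatchTooLarge(count, MAX_BATCH);
        uint256 len = strategies.length;
        if (start >= len) return (0, len);
        uint256 end = start + count;
        if (end > len) end = len;
        for (uint256 i = start; i < end; ++i) {
            room += strategies[i].canDeposit();
        }
        next = end;
    }
}
```

The per-call cost is bounded by MAX_BATCH external calls regardless of how many strategies exist; a caller sums `room` across pages until `next` equals `strategyCount()`.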

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
