Liquid Staking

Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Submission Details
Severity: low
Invalid

Users can cause Unbounded GAS in themselves

Vulnerability Details.

Users can add multiple values ​​into an array called `_vaults` that are of type uint256 this uint256 can come with duplicate values ​​causing an Unbounded GAS on them

function claimRewards(
uint256[] calldata _vaults,
uint256 _minRewards
) external returns (uint256) {
address receiver = address(this);
uint256 balanceBefore = token.balanceOf(address(this));
// @audit-issue [L-01] Users can cause Unbounded GAS in themselves
// @audit-info the function doesnt check if _vaults are duplicates
for (uint256 i = 0; i < _vaults.length; ++i) {
ICommunityVault(address(vaults[_vaults[i]])).claimRewards(_minRewards, receiver);
}
uint256 balanceAfter = token.balanceOf(address(this));
return balanceAfter - balanceBefore;
}

Impact

Unbounded GAS

Tools Used

Visual Studio Code + Manual Review

Recommendations

Add check for duplicate values ​​and add a constant value that corresponds to the maximum vaults the contract should have

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.