Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

`PriorityPool::getAccountData` Fails Due to Out-of-Gas Error as Account List Grows

Summary

The `PriorityPool::getAccountData` function becomes prone to out-of-gas errors as the `accounts` array grows. Since the function loops over an array (`reSDLBalances`) whose length keeps expanding, it eventually hits a gas limit, causing the function to fail. This issue poses a critical risk to the protocol, as the function provides essential data for off-chain systems to calculate the Merkle tree.

Vulnerability Details

The PriorityPool::getAccountData function is designed to return the accounts, reSDLBalances, and queuedBalances by looping through every account that has ever queued tokens. The problem arises because the size of the accounts array grows indefinitely, leading to increased gas consumption with each additional account.

The problematic portion of the code is as follows:

```solidity
function getAccountData()
    external
    view
    returns (address[] memory, uint256[] memory, uint256[] memory)
{
    // Both result arrays are sized to the full accounts array.
    uint256[] memory reSDLBalances = new uint256[](accounts.length);
    uint256[] memory queuedBalances = new uint256[](accounts.length);
    // One external call and one storage read per account that has ever queued.
    for (uint256 i = 0; i < reSDLBalances.length; ++i) {
        address account = accounts[i];
        reSDLBalances[i] = sdlPool.effectiveBalanceOf(account);
        queuedBalances[i] = accountQueuedTokens[account];
    }
    return (accounts, reSDLBalances, queuedBalances);
}
```

As the number of accounts grows, the gas required to execute the loop increases, eventually causing the function to fail due to an out-of-gas error. Since the reSDLBalances and queuedBalances arrays are dynamically allocated based on the size of the accounts array, the function’s gas consumption scales with the number of users.

Impact

PriorityPool::getAccountData is a critical function that supplies data required by off-chain systems responsible for calculating the Merkle tree. If this function fails due to an out-of-gas error, it prevents the off-chain system from accessing the necessary account data, potentially halting critical processes within the protocol.

Tools Used

Manual

Recommendations

Refactor PriorityPool::getAccountData to handle large arrays more efficiently.
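
One way to carry out that refactor is a paginated read, shown here as an added example that is not part of the submission or the project's code. `PagedAccountData`, `getAccountCount`, `getAccountDataPaged` and the `ISDLPool` interface are hypothetical names; only the state variables and `effectiveBalanceOf` come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface for the single SDL pool call used in the snippet above.
interface ISDLPool {
    function effectiveBalanceOf(address account) external view returns (uint256);
}

// Hypothetical sketch: reproduces only the state getAccountData reads.
// In the real contract this state is written by the queueing logic.
contract PagedAccountData {
    ISDLPool public sdlPool;
    address[] internal accounts;
    mapping(address => uint256) internal accountQueuedTokens;

    constructor(ISDLPool _sdlPool) {
        sdlPool = _sdlPool;
    }

    // Lets the off-chain caller work out how many pages to request.
    function getAccountCount() external view returns (uint256) {
        return accounts.length;
    }

    // Returns at most `count` entries starting at index `start`, so the work
    // per call is bounded by `count` instead of by accounts.length.
    function getAccountDataPaged(uint256 start, uint256 count)
        external
        view
        returns (address[] memory, uint256[] memory, uint256[] memory)
    {
        uint256 total = accounts.length;
        // Clamp the window; an out-of-range start yields empty arrays.
        if (start > total) start = total;
        uint256 size = total - start < count ? total - start : count;

        address[] memory page = new address[](size);
        uint256[] memory reSDLBalances = new uint256[](size);
        uint256[] memory queuedBalances = new uint256[](size);
        for (uint256 i = 0; i < size; ++i) {
            address account = accounts[start + i];
            page[i] = account;
            reSDLBalances[i] = sdlPool.effectiveBalanceOf(account);
            queuedBalances[i] = accountQueuedTokens[account];
        }
        return (page, reSDLBalances, queuedBalances);
    }
}
```

An off-chain caller should issue every page request against the same block number, since pages read at different blocks can mix balances from different states.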

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
