Flow

Sablier
FoundryDeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Potential Performance Issue with Unbounded Loops.

Summary

Loops that do not have a fixed number of iterations have to be used carefully: because of the block gas limit, a transaction can only consume a bounded amount of gas. The batch function allows multiple encoded function calls to be executed in a single transaction, which is efficient but becomes risky if the input array is too large.

Vulnerability Details

Loops in Solidity that don't have a fixed iteration count should be managed carefully because they can exceed the block gas limit, causing the transaction to revert. The batch function allows multiple encoded calls to be processed in a single transaction, which is efficient but also exposes the contract to spam if an excessively large number of entries is passed in the calls array. When that happens, the function reverts on hitting the gas limit, and without a limit on the array size there is nothing in the contract that prevents this excessive gas consumption.

https://github.com/Cyfrin/2024-10-sablier/blob/8a2eac7a916080f2022527408b004578b21c51d0/src/abstracts/Batch.sol#L16

Impact

Transaction failures and disruption of contract logic.

Tools Used

Manual

Recommendations

Implementing a maximum limit on the size of the calls array is advisable. This helps ensure the function remains usable while protecting against malicious behavior.
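The unbounded loop beside a capped version, as an added illustration of the recommendation (example code written for this page, not Sablier's Batch.sol; the contract name, MAX_BATCH_SIZE value and error names are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

/// @notice Illustrative batch contract (added example, not Sablier's own code).
/// Each entry in `calls` is ABI-encoded calldata that is delegatecalled back into
/// this contract, so the cost of one iteration depends on the function it targets
/// and the total cost of the loop grows with the array length.
abstract contract BatchExample {
    /// @dev Assumed cap. A real value is tuned to the block gas limit and the gas
    /// cost of the most expensive function that can be batched.
    uint256 public constant MAX_BATCH_SIZE = 50;

    error BatchTooLarge(uint256 provided, uint256 max);
    error BatchError(bytes errorData);

    /// @notice Unbounded version: nothing stops a caller from passing a `calls`
    /// array so large that the transaction runs out of gas partway through and reverts.
    function batchUnbounded(bytes[] calldata calls) external returns (bytes[] memory results) {
        uint256 count = calls.length;
        results = new bytes[](count);
        for (uint256 i = 0; i < count; ++i) {
            results[i] = _execute(calls[i]);
        }
    }

    /// @notice Bounded version: the length check reverts early and cheaply
    /// instead of burning gas up to the limit before failing.
    function batch(bytes[] calldata calls) external returns (bytes[] memory results) {
        uint256 count = calls.length;
        if (count > MAX_BATCH_SIZE) revert BatchTooLarge(count, MAX_BATCH_SIZE);
        results = new bytes[](count);
        for (uint256 i = 0; i < count; ++i) {
            results[i] = _execute(calls[i]);
        }
    }

    /// @dev Delegatecalls back into this contract and bubbles up any revert data.
    function _execute(bytes calldata data) internal returns (bytes memory) {
        (bool success, bytes memory result) = address(this).delegatecall(data);
        if (!success) revert BatchError(result);
        return result;
    }
}
```

Because each batch is its own transaction, an oversized array only reverts that caller's transaction and consumes that caller's gas; the cap mainly converts a late out-of-gas failure into a cheap, explicit revert with a clear error.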

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
