Contracts using the Statistics.sol library are prone to out-of-gas errors, because the library's functions Statistics.sol::avg() and Statistics.sol::variance() use for loops without considering gas limits. As the array grows, the transaction may run out of gas, which results in the transaction failing.
When a contract uses the function avg():
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/libraries/Statistics.sol#L8-L15
and the function variance():
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/libraries/Statistics.sol#L18-L26
As seen in the code referenced above, the for loop iterates while i < data.length, which means it runs until it reaches the end of the array.
As the length of the array grows, the number of iterations also increases, which results in more gas consumption.
Ethereum has a gas limit on each block, and if the gas consumption exceeds that limit the transaction reverts, which means the transaction fails.
The protocol could face DoS when dealing with large amounts of data through these library functions.
More iterations also mean a high chance of higher gas costs for processing transactions.
Manual Review
Consider adding batch processing to the functions mentioned above, or adding array length limits.
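One way to apply the array length limit suggested above, as an added example and not the project's Statistics.sol: the library name `BoundedStatistics`, the constant `MAX_SAMPLES` with its value, and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative library (not the project's code): same avg/variance shape,
/// but the loops are bounded by an explicit cap on the input length.
library BoundedStatistics {
    // Assumed cap; choose it from the gas budget of the calling transaction.
    uint256 internal constant MAX_SAMPLES = 256;

    error EmptyData();
    error TooManySamples(uint256 length, uint256 max);

    /// Fail fast with a descriptive error instead of running out of gas mid-loop.
    function _checkLength(uint256 length) private pure {
        if (length == 0) revert EmptyData();
        if (length > MAX_SAMPLES) revert TooManySamples(length, MAX_SAMPLES);
    }

    /// Integer mean of `data`; at most MAX_SAMPLES iterations.
    function avg(uint256[] memory data) internal pure returns (uint256 mean) {
        _checkLength(data.length);
        uint256 sum;
        for (uint256 i = 0; i < data.length; i++) {
            sum += data[i];
        }
        mean = sum / data.length;
    }

    /// Population variance and mean of `data`; at most 2 * MAX_SAMPLES iterations.
    function variance(uint256[] memory data)
        internal
        pure
        returns (uint256 ans, uint256 mean)
    {
        mean = avg(data); // also enforces the length cap
        uint256 sum;
        for (uint256 i = 0; i < data.length; i++) {
            // Absolute difference, so the unsigned subtraction cannot underflow.
            uint256 diff = data[i] >= mean ? data[i] - mean : mean - data[i];
            sum += diff * diff;
        }
        ans = sum / data.length;
    }
}
```

The same limit should also be enforced where the array is populated, so that no valid contract state can produce an input the library rejects.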