The purchase function in the BuyerAgent.sol contract may expose the protocol to Denial of Service (DoS) because it contains an unbounded for loop that iterates over an array of asset addresses returned by an oracle.
The purchase function iterates over an array of assets obtained from the oracle via oracleResult(taskId). For each asset, the loop makes external calls to retrieve the listing price and then purchase the asset.
If the array of assets is large, the cumulative gas cost of the loop may exceed the block gas limit, so the transaction reverts and can never be mined. An attacker who can influence the oracle response could include an excessive number of assets in it, causing legitimate purchase transactions to fail and preventing users from interacting with the contract.
The issue can be found here: https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L222-L256
Legitimate users may be unable to execute purchases because the transaction runs out of gas and reverts.
Manual Review
Introduce a cap on the number of assets that can be processed in a single transaction. This will help ensure that the gas cost remains within acceptable limits.
Ex:
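The following sketch is an added example of the recommended cap and is not code from the finding or from the project's BuyerAgent.sol. The interface names (ISwanLike, IOracleLike), the function getListingPrice, the abi-encoded address[] oracle payload and the constant MAX_ASSETS_PER_PURCHASE are assumptions made for illustration; the real contract's types and call shapes differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified interfaces (assumed shapes, not the project's real ones).
interface ISwanLike {
    function getListingPrice(address asset) external view returns (uint256);
    function purchase(address asset) external;
}

interface IOracleLike {
    // Assumed: the oracle result is an abi-encoded address[] of assets to buy.
    function oracleResult(uint256 taskId) external view returns (bytes memory);
}

contract CappedBuyerAgent {
    // Assumed cap. Pick it from the measured gas of one loop iteration
    // (two external calls plus bookkeeping) so that MAX * perIterationGas
    // stays well below the block gas limit.
    uint256 public constant MAX_ASSETS_PER_PURCHASE = 20;

    ISwanLike public immutable swan;
    IOracleLike public immutable oracle;

    error TooManyAssets(uint256 count, uint256 max);

    constructor(ISwanLike _swan, IOracleLike _oracle) {
        swan = _swan;
        oracle = _oracle;
    }

    function purchase(uint256 taskId) external {
        address[] memory assets = abi.decode(oracle.oracleResult(taskId), (address[]));

        // Bound the loop before making any external call, so an oversized
        // oracle response fails fast with a clear error instead of running
        // out of gas part-way through the purchases.
        if (assets.length > MAX_ASSETS_PER_PURCHASE) {
            revert TooManyAssets(assets.length, MAX_ASSETS_PER_PURCHASE);
        }

        for (uint256 i = 0; i < assets.length; ++i) {
            uint256 price = swan.getListingPrice(assets[i]);
            // Per-asset checks (budget, price sanity, etc.) would go here.
            require(price > 0, "zero price");
            swan.purchase(assets[i]);
        }
    }
}
```

Reverting on an oversized response is the conservative choice: it keeps the gas bound explicit and makes the failure visible in the transaction receipt. Silently processing only the first MAX_ASSETS_PER_PURCHASE entries would also bound gas, but it drops assets without signalling that to the caller, so if that behaviour is chosen it should be documented and the remaining assets handled in a follow-up call.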