Trick or Treat
First Flight #27
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Unbounded Iteration in `constructor` may lead to deployment failure due to gas limit constraints

sstoqnov_

Summary

A potential Denial of Service (DoS) vulnerability has been identified in the SpookySwap contract's constructor. The vulnerability stems from unbounded iteration over an input array during contract deployment, which could cause the contract deployment to fail due to exceeding the block gas limit.

Vulnerability Details

The constructor accepts an array of Treat structs and iterates over them using a for loop:

constructor(Treat[] memory treats) ERC721("SpookyTreats", "SPKY") {
nextTokenId = 1;
for (uint256 i = 0; i < treats.length; i++) {
addTreat(treats[i].name, treats[i].cost, treats[i].metadataURI);
}
}

Impact

Each iteration performs multiple storage operations which is gas-intensive:

  • Updates treatList mapping

  • Pushes to treatNames array

  • Emits an event

Gas consumption increases linearly with array size.

Contract deployment could fail if the treats array is too large.

Tools Used

  • Manual code review

  • Slither

  • Aderyn

  • Foundry

Recommendations

For the solution it might be good to implement a maximum array length check like this:

constructor(Treat[] memory treats) ERC721("SpookyTreats", "SPKY") {
+ require(treats.length <= 50, "Too many initial treats");
nextTokenId = 1;
for (uint256 i = 0; i < treats.length; i++) {
addTreat(treats[i].name, treats[i].cost, treats[i].metadataURI);
}
}
Updates

Appeal created

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.