Project

One World
NFTDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Unbounded nested loop in burnBatchMultiple function can lead to DoS

Summary

The burnBatchMultiple function in the MembershipERC1155 contract contains an unbounded nested loop that iterates over a caller-supplied array of addresses. If this array is large enough, the function exceeds the block gas limit, and the call can never succeed, which is a denial-of-service condition for that operation.

Vulnerability Details

The vulnerability exists in the burnBatchMultiple function:

```solidity
function burnBatchMultiple(address[] memory froms)
    public
    onlyRole(OWP_FACTORY_ROLE)
{
    // @audit Nested loops without bounds
    for (uint256 j = 0; j < froms.length; ++j) {
        for (uint256 i = 0; i < 7; ++i) {
            uint256 amount = balanceOf(froms[j], i);
            if (amount > 0) {
                burn_(froms[j], i, amount);
            }
        }
    }
}
```

Key issues:

- The outer loop iterates over the unbounded array froms
- Each outer iteration runs 7 inner-loop iterations (one per token id)
- Each burn_ operation consumes significant gas
- There is no limit on the size of the froms array

Impact

- Transaction Failure: If froms.length is too large, the transaction fails because it exceeds the block gas limit
- Denial of Service: The function becomes unusable when the array is too large
- Gas Waste: Failed transactions still consume gas
- Function Unusability: Critical batch operations could become impossible to execute
- Admin Function Blocking: Since this is an admin function (OWP_FACTORY_ROLE), it could block important protocol operations

Tools Used

Manual code review

Recommendations

1. Add Array Length Limit:
2. Implement Pagination
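The two recommendations above, shown together in an added example that is not the audited contract's code. It assumes a hypothetical stand-in for MembershipERC1155 built on OpenZeppelin's ERC1155 and AccessControl, with `_burn` in place of the report's `burn_`, a `TIER_COUNT` of 7 matching the inner loop, and an assumed `MAX_BATCH` cap that should be sized from gas measurements of a full burn.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical stand-in for MembershipERC1155 (assumption, not the audited code).
contract MembershipERC1155Hardened is ERC1155, AccessControl {
    bytes32 public constant OWP_FACTORY_ROLE = keccak256("OWP_FACTORY_ROLE");
    uint256 public constant TIER_COUNT = 7;   // token ids 0..6, as in the report's inner loop
    uint256 public constant MAX_BATCH = 50;   // assumed cap; size it from gas measurements

    address[] private burnQueue; // addresses waiting to be burned (pagination state)
    uint256 public burnCursor;   // index of the next queued address to process

    error BatchTooLarge(uint256 length, uint256 max);

    constructor() ERC1155("") {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(OWP_FACTORY_ROLE, msg.sender);
    }

    // Recommendation 1: bound the array so a single call cannot exceed the block gas limit.
    function burnBatchMultiple(address[] calldata froms) external onlyRole(OWP_FACTORY_ROLE) {
        if (froms.length > MAX_BATCH) revert BatchTooLarge(froms.length, MAX_BATCH);
        for (uint256 j = 0; j < froms.length; ++j) _burnAllTiers(froms[j]);
    }

    // Recommendation 2: queue addresses (a push is far cheaper than 7 burns; callers still
    // chunk large lists) and drain the queue in bounded pages across several transactions,
    // keeping progress on-chain in burnCursor so a failed page does not lose earlier work.
    function queueBurns(address[] calldata froms) external onlyRole(OWP_FACTORY_ROLE) {
        for (uint256 j = 0; j < froms.length; ++j) burnQueue.push(froms[j]);
    }

    function processBurnQueue(uint256 maxItems) external onlyRole(OWP_FACTORY_ROLE) returns (uint256 remaining) {
        if (maxItems > MAX_BATCH) revert BatchTooLarge(maxItems, MAX_BATCH);
        uint256 end = burnCursor + maxItems;
        if (end > burnQueue.length) end = burnQueue.length;
        for (uint256 j = burnCursor; j < end; ++j) _burnAllTiers(burnQueue[j]);
        burnCursor = end;
        return burnQueue.length - end; // caller keeps paging until this reaches zero
    }

    function _burnAllTiers(address from) internal {
        for (uint256 i = 0; i < TIER_COUNT; ++i) {
            uint256 amount = balanceOf(from, i);
            if (amount > 0) _burn(from, i, amount);
        }
    }

    function supportsInterface(bytes4 id) public view override(ERC1155, AccessControl) returns (bool) {
        return super.supportsInterface(id);
    }
}
```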

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

peterpepoc Submitter 10 months ago
0xbrivan2 Lead Judge 10 months ago
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
