One World (NFTDeFi, 15,000 USDC)
Submission Details
Severity: low
Status: Invalid

Lack of Limits on burnBatchMultiple Function in MembershipERC1155

Issue:

The burnBatchMultiple function walks every address in the caller-supplied froms array and, for each one, all seven token ids, performing a balanceOf lookup and a burn for every non-zero balance. Nothing bounds froms.length, so the gas cost of a call grows linearly with the array and a sufficiently large batch cannot be executed within the block gas limit, which this report treats as a denial-of-service vector.

Location:

  • File: MembershipERC1155.sol

  • Function: burnBatchMultiple

    function burnBatchMultiple(address[] memory froms) public onlyRole(OWP_FACTORY_ROLE) {
        // Outer loop: unbounded, one iteration per caller-supplied address
        for (uint256 j = 0; j < froms.length; ++j) {
            // Inner loop: the seven membership token ids (0..6)
            for (uint256 i = 0; i < 7; ++i) {
                uint256 amount = balanceOf(froms[j], i);
                if (amount > 0) {
                    burn_(froms[j], i, amount);
                }
            }
        }
    }

Exploit Code:

A caller holding OWP_FACTORY_ROLE could pass an excessively large froms array to burnBatchMultiple; the nested loop then consumes gas proportional to the array length until the transaction runs out of gas:

    // The caller must hold OWP_FACTORY_ROLE, or the onlyRole check reverts before the loop runs.
    address[] memory largeArray = new address[](1_000_000); // illustrative size, chosen to exceed the block gas limit
    membershipERC1155.burnBatchMultiple(largeArray);

Impact:

An oversized batch consumes gas proportional to its length and, beyond the block gas limit, cannot be executed at all, so a single burnBatchMultiple call can become prohibitively expensive or impossible. Two factors bound the impact: the function is gated by onlyRole(OWP_FACTORY_ROLE), so only the factory (a trusted caller) can trigger it, and a transaction that runs out of gas reverts in full, leaving balances untouched and other users' interactions with the contract unaffected. The practical consequence is a failed or expensive call for the factory itself rather than a contract-wide denial of service, which is the basis on which the submission was judged below the accepted severity bar.

Recommendation:

Bound the froms array so that a full batch stays well within the block gas limit. The value 100 below is illustrative; size MAX_BATCH_SIZE from the measured gas of one inner-loop iteration multiplied by the seven token ids:

    uint256 constant MAX_BATCH_SIZE = 100;

    function burnBatchMultiple(address[] memory froms) public onlyRole(OWP_FACTORY_ROLE) {
        // Reject oversized batches before any gas is spent in the nested loop
        require(froms.length <= MAX_BATCH_SIZE, "Batch size exceeds limit");
        for (uint256 j = 0; j < froms.length; ++j) {
            for (uint256 i = 0; i < 7; ++i) {
                uint256 amount = balanceOf(froms[j], i);
                if (amount > 0) {
                    burn_(froms[j], i, amount);
                }
            }
        }
    }
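The following Foundry test is an added example, not code from the One World repository or this submission. It wraps the capped function from the recommendation in a minimal ERC1155 mock and pins down the three behaviours a reviewer would want checked: a caller without OWP_FACTORY_ROLE never reaches the loop, an oversized batch is rejected by the cap before the loop runs, and a legitimate batch within the cap still burns every tier. Assumed names and dependencies: OpenZeppelin's ERC1155 and AccessControl, forge-std, the contract name MembershipMock, a TIER_COUNT constant standing in for the literal 7, and OpenZeppelin's internal _burn in place of the project's burn_ helper.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the One World code base). Assumptions: OpenZeppelin's
// ERC1155/AccessControl, forge-std, the MembershipMock name, and _burn in
// place of the project's burn_ helper.
import {ERC1155} from "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Test} from "forge-std/Test.sol";

contract MembershipMock is ERC1155, AccessControl {
    bytes32 public constant OWP_FACTORY_ROLE = keccak256("OWP_FACTORY_ROLE");
    uint256 public constant MAX_BATCH_SIZE = 100; // assumed cap; size it from measured gas
    uint256 private constant TIER_COUNT = 7;      // token ids 0..6, as in the original loop

    constructor(address factory) ERC1155("") {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(OWP_FACTORY_ROLE, factory);
    }

    function mint(address to, uint256 id, uint256 amount) external onlyRole(OWP_FACTORY_ROLE) {
        _mint(to, id, amount, "");
    }

    // Capped version of the function under review: only OWP_FACTORY_ROLE can call it,
    // and froms.length is bounded before the nested loop spends any gas.
    function burnBatchMultiple(address[] memory froms) public onlyRole(OWP_FACTORY_ROLE) {
        require(froms.length <= MAX_BATCH_SIZE, "Batch size exceeds limit");
        for (uint256 j = 0; j < froms.length; ++j) {
            for (uint256 i = 0; i < TIER_COUNT; ++i) {
                uint256 amount = balanceOf(froms[j], i);
                if (amount > 0) {
                    _burn(froms[j], i, amount);
                }
            }
        }
    }

    // Both parents declare supportsInterface, so Solidity requires an explicit override.
    function supportsInterface(bytes4 interfaceId) public view override(ERC1155, AccessControl) returns (bool) {
        return super.supportsInterface(interfaceId);
    }
}

contract BurnBatchMultipleTest is Test {
    MembershipMock membership;
    address factory = makeAddr("factory");
    address attacker = makeAddr("attacker");
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        membership = new MembershipMock(factory);
        vm.startPrank(factory);
        membership.mint(alice, 0, 3); // constructed balances for the burn test
        membership.mint(bob, 6, 1);
        vm.stopPrank();
    }

    // The gate that bounds the original report: a caller without OWP_FACTORY_ROLE
    // cannot reach the loop at all, whatever array it passes.
    function test_RevertWhen_CallerLacksRole() public {
        address[] memory froms = new address[](1);
        froms[0] = alice;
        vm.prank(attacker);
        vm.expectRevert();
        membership.burnBatchMultiple(froms);
    }

    // With the cap in place, an oversized batch is rejected up front instead of
    // burning gas in the nested loop.
    function test_RevertWhen_BatchTooLarge() public {
        address[] memory froms = new address[](membership.MAX_BATCH_SIZE() + 1);
        vm.prank(factory);
        vm.expectRevert(bytes("Batch size exceeds limit"));
        membership.burnBatchMultiple(froms);
    }

    // A legitimate factory call within the cap still burns every tier for each address.
    function test_BurnsAllTiersWithinCap() public {
        address[] memory froms = new address[](2);
        froms[0] = alice;
        froms[1] = bob;
        vm.prank(factory);
        membership.burnBatchMultiple(froms);
        assertEq(membership.balanceOf(alice, 0), 0);
        assertEq(membership.balanceOf(bob, 6), 0);
    }
}
```

Run it with forge test in a Foundry project that has openzeppelin-contracts and forge-std installed. The bare vm.expectRevert() in the first test is deliberate: the access-control revert is a string in OpenZeppelin 4.x and a custom error in 5.x, and the test should not depend on which one the project pins.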
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
