TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inefficient Clearing of Dynamic Arrays in the endGame Function

bryanconquer

Summary

The endGame function of the TwentyOne contract uses the delete operation to reset the dynamic arrays playersDeck[player].playersCards and dealersDeck[player].dealersCards. However, this approach does not completely clear the arrays' underlying storage. While the delete operation sets the length of the arrays to zero, it does not remove residual data in storage, leading to potential inefficiencies in subsequent array operations.

Vulnerability Details

delete playersDeck[player].playersCards and delete dealersDeck[player].dealersCards only set the length of the arrays to zero, leaving residual storage intact.

Residual storage data increases gas costs for future operations and may result in unintended behaviors.

Impact

Inefficient gas usage during subsequent operations.

Potential for stale data causing unexpected behavior in edge cases.

Tools Used

Recommendations

Replace the delete operation with an explicit truncation of the dynamic arrays to ensure complete removal of data from storage

function endGame(address player, bool playerWon) internal {

// Clear the player's cards by truncating the array

while (playersDeck[player].playersCards.length > 0) {

playersDeck[player].playersCards.pop();

}

// Clear the dealer's cards by truncating the array

while (dealersDeck[player].dealersCards.length > 0) {

dealersDeck[player].dealersCards.pop();

}

// Clear the available deck

delete availableCards[player]; // Assuming this is an array that doesn't require manual truncation

// Handle player winnings

if (playerWon) {

payable(player).transfer(2 ether);

emit FeeWithdrawn(player, 2 ether);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.