Submission Details
Severity: medium
Invalid

Lack of limit on the maximum number of routes that can be added

Summary

In the addRoute function, the nRoutes counter is incremented after each new route is added, but there is no check to ensure that it doesn't exceed a maximum allowed number of routes.
As the protocol is designed to scale and interact with a large number of routes, this could lead to significant gas inefficiency and performance issues over time. Without any route limit, the system could face growing storage costs and operational delays as the number of routes increases.

Vulnerability Details

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L64

The addRoute function increments the nRoutes variable each time a new route is added, without any limitation. This causes storage to grow progressively as more routes are added.

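    function addRoute(
        address[11] calldata _route,
        uint256[5][5] calldata _swapParams,
        address[5] calldata _pools
    ) external onlyManagement {
        // Each call writes one route, its swap parameters and its pools at index nRoutes.
        routes[nRoutes] = _route;
        swapParams[nRoutes] = _swapParams;
        pools[nRoutes] = _pools;
        nRoutes++; // no upper bound is checked before the increment
    }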

The primary concern with the way nRoutes is incremented is not a hard limit on the number of routes but the gas cost associated with storing more routes.
As more routes are added, the cost of adding a new route increases due to the growing storage requirements. If the number of routes grows excessively, users or contract interactions could become too expensive, causing high gas costs.
If the contract begins hitting gas limits or the block size as a result of excessive route additions, interactions with the contract could become inefficient or even fail.

Impact

  1. Leads to system failure or DoS because of gas limits and block size constraints.

  2. Route complexity grows, making it difficult for the system to efficiently manage and execute swaps, potentially leading to operational errors.

Tools Used

VS Code, manual analysis

Recommendation

Add a limit to the maximum number of routes that can be added.

    uint256 constant MAX_ROUTES = 100; // Example limit, declared at contract level
    require(nRoutes < MAX_ROUTES, "Max routes limit reached"); // checked inside addRoute before the writes
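
The recommended check placed in addRoute, with a Foundry test for the boundary, as an added example that is not the project's or the submitter's code. The BoundedRoutes contract, its management constructor argument, the onlyManagement body and the mapping declarations are assumptions made so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the strategy: only addRoute and its state are modelled.
// The storage declarations and the onlyManagement body are assumptions.
contract BoundedRoutes {
    uint256 public constant MAX_ROUTES = 100; // example limit from the recommendation
    address public immutable management;
    uint256 public nRoutes;
    mapping(uint256 => address[11]) internal routes;
    mapping(uint256 => uint256[5][5]) internal swapParams;
    mapping(uint256 => address[5]) internal pools;

    constructor(address _management) { management = _management; }

    modifier onlyManagement() {
        require(msg.sender == management, "!management");
        _;
    }

    function addRoute(
        address[11] calldata _route,
        uint256[5][5] calldata _swapParams,
        address[5] calldata _pools
    ) external onlyManagement {
        // Reject the call before touching storage once the cap is reached.
        require(nRoutes < MAX_ROUTES, "Max routes limit reached");
        routes[nRoutes] = _route;
        swapParams[nRoutes] = _swapParams;
        pools[nRoutes] = _pools;
        nRoutes++;
    }
}

contract BoundedRoutesTest is Test {
    function test_addRouteStopsAtCap() public {
        BoundedRoutes s = new BoundedRoutes(address(this));
        address[11] memory route; // zero-filled constructed inputs
        uint256[5][5] memory params;
        address[5] memory pool;
        uint256 cap = s.MAX_ROUTES();
        for (uint256 i; i < cap; ++i) s.addRoute(route, params, pool);
        assertEq(s.nRoutes(), cap); // indices 0..cap-1 are filled
        vm.expectRevert(bytes("Max routes limit reached"));
        s.addRoute(route, params, pool); // one call past the cap must revert
    }
}
```

The test pins the comparison to `<` rather than `<=`: exactly MAX_ROUTES routes are accepted and the next call reverts.
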

Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity