The contract contains batch functions (e.g., batchRegisterCollateralToken, batchCreateContingentPool, batchAddLiquidity) that process arrays of inputs in a loop.
Each iteration of the loop consumes additional gas, so if the input array is large enough the total gas consumed by a single call can exceed the Ethereum block gas limit, and the whole transaction reverts. This is a common issue in unbounded batch operations: nothing in these functions caps the array length, so the caller alone decides how much work one transaction attempts.
If a user submits a batch with too many items, the transaction will fail, resulting in wasted gas fees.
An attacker could intentionally submit large batches to cause transactions to fail, disrupting the normal operation of the contract.
Manual Code Review
Define a maximum batch size constant (MAX_BATCH_SIZE) and enforce it in every batch function. This bounds the gas a single batch call can consume and keeps it below the block gas limit.
uint256 public constant MAX_BATCH_SIZE = 50;
Check the length of the input array before processing the batch. If the array exceeds the maximum size, revert the transaction with a clear error message.
require(_collateralTokens.length <= MAX_BATCH_SIZE, "Batch size too large");
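The recommendation applied to one of the batch functions, as an added illustration rather than the audited contract's code. The contract name, the custom errors and the internal _registerCollateralToken body are assumptions; only MAX_BATCH_SIZE, the function name and the _collateralTokens parameter come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative contract (not the audited code): shows the recommended
/// MAX_BATCH_SIZE bound applied to one batch function.
contract BoundedBatch {
    uint256 public constant MAX_BATCH_SIZE = 50;

    /// A custom error is cheaper than a revert string and reports both sizes.
    error BatchTooLarge(uint256 provided, uint256 max);
    error ZeroAddress();

    mapping(address => bool) public isRegistered;
    event CollateralTokenRegistered(address indexed token);

    /// Batch variant: the length check runs once, before any state is touched,
    /// so an oversized call reverts immediately instead of running out of gas
    /// part-way through the loop.
    function batchRegisterCollateralToken(address[] calldata _collateralTokens) external {
        uint256 n = _collateralTokens.length;
        if (n > MAX_BATCH_SIZE) revert BatchTooLarge(n, MAX_BATCH_SIZE);
        for (uint256 i = 0; i < n; ) {
            _registerCollateralToken(_collateralTokens[i]);
            unchecked { ++i; } // i < n <= MAX_BATCH_SIZE, cannot overflow
        }
    }

    /// Hypothetical single-item registration; the real contract's logic differs.
    function _registerCollateralToken(address token) internal {
        if (token == address(0)) revert ZeroAddress();
        isRegistered[token] = true;
        emit CollateralTokenRegistered(token);
    }
}
```

The value 50 should be calibrated against the measured gas per iteration of the most expensive batch function and the target chain's block gas limit, not chosen arbitrarily.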