Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Denial of Service (DoS) Vulnerability in s_userToSellOrders Mapping

Summary

The TokenDivider contract stores each user's sell orders in the unbounded storage array s_userToSellOrders[user]. Appending to a Solidity storage array costs constant gas, so a user placing a very large number of sell orders (thousands) is not a problem by itself; the risk is that any function which iterates over the array, or removes an element by shifting the ones after it, needs gas proportional to the array length and can exceed the block gas limit, a Denial of Service (DoS) for that user's orders.

Vulnerability Details

The mapping is declared in TokenDivider as mapping(address user => SellOrder[] orders) s_userToSellOrders and holds one dynamic array per user. push and indexed reads are O(1), so the array growing large only becomes a DoS vector where a function loops over it (for example to find or list a user's orders) or shifts elements to delete one; there the gas required grows with the number of orders, and a user who deliberately creates enough of them can make such a transaction, and anything that depends on it, fail. The severity therefore depends on whether the contract actually walks the array.

Impact

Denial of Service (DoS):

  • A transaction that iterates over, or shifts elements of, s_userToSellOrders[user] fails once the gas it needs exceeds the block gas limit; push-only code paths are unaffected.

  • Such a failure would block that user from removing or listing sell orders on-chain, and any view that returns the whole array becomes too expensive for clients to call.

Recommendations

  1. Impose a Limit on Sell Orders:

    • Cap the number of open sell orders per user and reject creation beyond the cap. For example:

      require(s_userToSellOrders[user].length < MAX_ORDERS, "Sell order limit exceeded");

    • The cap does not change the cost of push, which is already constant; it bounds the cost of any loop or getter that walks the array.

  2. Optimize Data Structures:

    • Instead of scanning or shifting the array, keep a mapping from order ID to its position in the array and remove with swap-and-pop, or store orders in a mapping of unique IDs to orders, so that no operation's gas depends on how many orders a user has.
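An added illustrative contract, not the Pieces Protocol code, showing where the gas actually grows and how the cap plus an index mapping keep every operation constant-gas. The names MAX_ORDERS_PER_USER, s_orderIndex, createSellOrder, removeSellOrderLinear and removeSellOrder, and the SellOrder fields, are assumptions made for the example; only the per-user SellOrder[] array shape comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative order book, NOT the TokenDivider contract. It keeps the same
/// storage shape (one SellOrder[] per user) and contrasts an O(n) removal with
/// an O(1) one, together with the per-user cap from the recommendation.
contract SellOrderBook {
    struct SellOrder {
        uint256 id;
        address seller;
        address erc20;
        uint256 amount;
        uint256 price;
    }

    /// Hypothetical cap; a real value would be tuned to the protocol's needs.
    uint256 public constant MAX_ORDERS_PER_USER = 100;

    mapping(address user => SellOrder[] orders) private s_userToSellOrders;
    /// Position of an order id inside its seller's array, stored as index + 1
    /// so that 0 can mean "no such order".
    mapping(uint256 orderId => uint256 indexPlusOne) private s_orderIndex;
    uint256 private s_nextOrderId;

    error OrderLimitExceeded(address user, uint256 limit);
    error UnknownOrder(uint256 orderId);

    /// push() writes one element and updates the length word; its gas does not
    /// depend on how many orders the user already has. The cap bounds the array
    /// so that any loop or getter that walks it stays within the block gas limit.
    function createSellOrder(address erc20, uint256 amount, uint256 price)
        external
        returns (uint256 orderId)
    {
        SellOrder[] storage orders = s_userToSellOrders[msg.sender];
        if (orders.length >= MAX_ORDERS_PER_USER) {
            revert OrderLimitExceeded(msg.sender, MAX_ORDERS_PER_USER);
        }
        orderId = s_nextOrderId++;
        orders.push(SellOrder({id: orderId, seller: msg.sender, erc20: erc20, amount: amount, price: price}));
        s_orderIndex[orderId] = orders.length; // index + 1 of the element just pushed
    }

    /// Anti-pattern: scan for the order, then shift every later element down.
    /// Gas grows linearly with the array, so with enough orders removing one
    /// can no longer fit in a block. This is the DoS shape the finding describes;
    /// it only exists if code like this is present. (Shown for the gas shape
    /// only: it does not keep s_orderIndex in sync for the shifted elements.)
    function removeSellOrderLinear(uint256 orderId) external {
        SellOrder[] storage orders = s_userToSellOrders[msg.sender];
        uint256 len = orders.length;
        for (uint256 i = 0; i < len; i++) {
            if (orders[i].id == orderId) {
                for (uint256 j = i; j + 1 < len; j++) {
                    orders[j] = orders[j + 1];
                }
                orders.pop();
                delete s_orderIndex[orderId];
                return;
            }
        }
        revert UnknownOrder(orderId);
    }

    /// O(1) removal: look the position up, move the last element into the hole,
    /// fix that element's index, pop. Same gas for 1 order or 10,000.
    function removeSellOrder(uint256 orderId) external {
        SellOrder[] storage orders = s_userToSellOrders[msg.sender];
        uint256 idxPlusOne = s_orderIndex[orderId];
        // Bounds and ownership check: the index must point into the caller's own
        // array and the element there must really carry this id.
        if (idxPlusOne == 0 || idxPlusOne > orders.length || orders[idxPlusOne - 1].id != orderId) {
            revert UnknownOrder(orderId);
        }
        uint256 idx = idxPlusOne - 1;
        uint256 last = orders.length - 1;
        if (idx != last) {
            SellOrder memory moved = orders[last];
            orders[idx] = moved;
            s_orderIndex[moved.id] = idxPlusOne;
        }
        orders.pop();
        delete s_orderIndex[orderId];
    }

    function sellOrderCount(address user) external view returns (uint256) {
        return s_userToSellOrders[user].length;
    }
}
```

A quick Foundry check of the claim is to call removeSellOrderLinear and removeSellOrder on accounts holding, say, 10 and 1,000 orders and compare the gas reported by forge test --gas-report: the linear variant's cost scales with the count, the swap-and-pop variant's does not. Note that the cap does not make the linear variant safe, it only limits how bad it can get; the structural fix is the index mapping.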

Tools Used

Manual code review

Updates

Lead Judging Commences

fishy (Lead Judge), 7 months ago: Submission Judgement Published. Invalidated. Reason: Incorrect statement

Appeal created

singhyash (Submitter), 7 months ago

fishy (Lead Judge), 7 months ago: Submission Judgement Published. Invalidated. Reason: Other
