Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: medium
Invalid

Unbounded Loops in `getUserCollateralValue` Risk Denial of Service

Summary

The getUserCollateralValue function iterates over all NFTs deposited by a user, risking gas exhaustion and denial of service.

Vulnerability Details

The function loops through every NFT in the user's array without a cap on its length:

for (uint256 i = 0; i < user.nftTokenIds.length; i++) { // @audit no bound: a large array can exhaust gas and revert the call
    totalValue += getNFTPrice(user.nftTokenIds[i]);
}

Impact

  • Gas Exhaustion: Users with many NFTs cannot interact with the protocol, because every function that relies on this valuation becomes prohibitively expensive or reverts outright once the loop exceeds the block gas limit.

Tools Used

Manual review

Recommendations

The protocol can cap the number of NFTs a user is allowed to deposit, or paginate the valuation so callers read the user's NFTs in slices bounded by start and end indices.
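The sketch below is an added illustration, not the protocol's own code: it places the unbounded loop from the finding next to the two mitigations recommended above (a deposit cap and a paginated valuation). `UserData`, `MAX_NFTS_PER_USER`, `_depositNFT` and the oracle hook `getNFTPrice` are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only. Names other than getUserCollateralValue,
/// nftTokenIds and getNFTPrice are assumptions, not the protocol's API.
abstract contract CollateralValuation {
    struct UserData {
        uint256[] nftTokenIds;
    }

    uint256 public constant MAX_NFTS_PER_USER = 50; // assumed cap value

    mapping(address => UserData) internal users;

    /// Price lookup hook; assumed to exist in the protocol.
    function getNFTPrice(uint256 tokenId) public view virtual returns (uint256);

    /// Before: walks the whole array, so gas grows linearly with the
    /// number of deposited NFTs and large positions revert.
    function getUserCollateralValue(address user) external view returns (uint256 totalValue) {
        UserData storage u = users[user];
        for (uint256 i = 0; i < u.nftTokenIds.length; i++) {
            totalValue += getNFTPrice(u.nftTokenIds[i]);
        }
    }

    /// Mitigation 1: bound the array at deposit time so the loop stays bounded.
    function _depositNFT(address user, uint256 tokenId) internal {
        UserData storage u = users[user];
        require(u.nftTokenIds.length < MAX_NFTS_PER_USER, "too many NFTs");
        u.nftTokenIds.push(tokenId);
    }

    /// Mitigation 2: value the half-open range [start, end) so a large
    /// position can be read in several calls that each fit the gas limit.
    function getUserCollateralValuePaged(address user, uint256 start, uint256 end)
        external view returns (uint256 totalValue, uint256 next)
    {
        UserData storage u = users[user];
        uint256 len = u.nftTokenIds.length;
        if (end > len) end = len;          // clamp instead of reverting on over-long ranges
        require(start <= end, "bad range");
        for (uint256 i = start; i < end; i++) {
            totalValue += getNFTPrice(u.nftTokenIds[i]);
        }
        next = end; // pass back as `start` on the next call; next == len means done
    }
}
```

A caller that needs the full value loops off-chain over `getUserCollateralValuePaged` until `next` equals the array length, summing the partial totals.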

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

LendingPool: Unbounded NFT array iteration in collateral valuation functions creates DoS risk, potentially blocking liquidations and critical operations

LightChaser L-36 and M-02 cover it.
