Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Unbounded Loop in getTotalWeight May Cause Denial of Service (DoS)

Contract: GaugeController

Finding: Unbounded Loop in getTotalWeight May Cause Denial of Service (DoS)

Issue Summary

The getTotalWeight function in GaugeController iterates over the entire _gaugeList array, which can only grow over time. This creates a Denial of Service (DoS) risk when the list becomes too large, as the function may exceed the block gas limit and fail to execute.

Potential Vulnerability

Gas Limit Exceeded

  • As _gaugeList grows indefinitely, iterating over all elements in a single transaction increases gas costs.

  • Once the gas cost exceeds the block limit, getTotalWeight becomes unusable and may cause dependent transactions to fail.

Unbounded Loop

  • Since the function iterates over all elements, every additional gauge increases gas costs, making it increasingly expensive over time.

Impact: High

  • If getTotalWeight is critical to the protocol (e.g., used in rewards calculations), a DoS condition could halt key functionalities such as staking rewards or voting weight calculations.

  • Once the function exceeds gas limits, no further updates can occur, leading to a permanent lock.

Likelihood: High

  • Since _gaugeList only grows, the issue is inevitable as more gauges are added.

  • The problem scales with adoption and worsens over time.

Proof of Concept (PoC)

Scenario

  1. Deploy a GaugeController contract with an initial _gaugeList containing 10 items.

  2. Call getTotalWeight → The function executes successfully.

  3. Add 10,000+ gauges to _gaugeList.

  4. Call getTotalWeight → The function fails with an out-of-gas error.

Recommended Fix

Maintain a Running Total
Instead of iterating over the list every time getTotalWeight is called, store an updated total weight whenever weights change:

Add a State Variable for Total Weight

uint256 private _totalWeight;

Update _totalWeight When a Gauge’s Weight Changes

Modify _updateGaugeWeight to update _totalWeight:

function _updateGaugeWeight(address gauge, uint256 newWeight) internal {
    uint256 oldWeight = gaugeWeights[gauge];
    _totalWeight = _totalWeight - oldWeight + newWeight;
    gaugeWeights[gauge] = newWeight;
}

Modify getTotalWeight to Return the Stored Value

function getTotalWeight() external view returns (uint256) {
    return _totalWeight;
}

Alternative Mitigations

  • Batch Processing: If iterating is necessary, split the function into multiple calls handling subsets of gauges.

  • Gas Limit Checks: Implement logic to stop iteration early if gas usage exceeds a safe threshold.
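
The running-total fix and the batch-processing alternative combined in one contract, as an added example (not the audited GaugeController and not the submitter's code). The contract name, admin, isGauge, addGauge, setWeight and sumWeights are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the audited GaugeController. Names other than
/// _gaugeList, gaugeWeights, _totalWeight, _updateGaugeWeight and
/// getTotalWeight are hypothetical.
contract GaugeWeightTracker {
    address public immutable admin;
    address[] private _gaugeList;
    mapping(address => bool) public isGauge;
    mapping(address => uint256) public gaugeWeights;
    uint256 private _totalWeight;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function addGauge(address gauge, uint256 weight) external onlyAdmin {
        require(!isGauge[gauge], "gauge exists"); // no duplicate list entries
        isGauge[gauge] = true;
        _gaugeList.push(gauge);
        _updateGaugeWeight(gauge, weight);
    }

    function setWeight(address gauge, uint256 newWeight) external onlyAdmin {
        require(isGauge[gauge], "unknown gauge"); // keeps total == sum over list
        _updateGaugeWeight(gauge, newWeight);
    }

    // O(1): every weight change adjusts the running total.
    function _updateGaugeWeight(address gauge, uint256 newWeight) internal {
        _totalWeight = _totalWeight - gaugeWeights[gauge] + newWeight;
        gaugeWeights[gauge] = newWeight;
    }

    function getTotalWeight() external view returns (uint256) {
        return _totalWeight;
    }

    // Bounded slice sum: reconcile the list against _totalWeight in pages.
    function sumWeights(uint256 start, uint256 count) external view returns (uint256 sum, uint256 nextStart) {
        uint256 end = start + count;
        if (end > _gaugeList.length) end = _gaugeList.length;
        for (uint256 i = start; i < end; i++) sum += gaugeWeights[_gaugeList[i]];
        nextStart = end; // equals the list length once the last page is read
    }
}
```

Summing the pages returned by sumWeights until nextStart stops advancing should reproduce getTotalWeight(); a mismatch means some code path changed a weight without going through _updateGaugeWeight.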

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
