In gaugecontroller.sol
The function getTotalWeight() in its current form iterates through _gaugeList, which can lead to excessive gas consumption if the list size is manipulated by an external actor. This can cause the transaction to exceed the block gas limit and fail.
Gas Consumption Risk: The loop over _gaugeList can exceed the gas limit if the array is large.
External Manipulation: An adversary could register many gauges, increasing the array length and causing the function to run out of gas.
Denial of Service (DoS): External actors can cause getTotalWeight() to fail, disrupting the contract's functionality.
Potential Exploitation: If _gaugeList is manipulated, it could lead to a DoS attack where users cannot retrieve the total weight.
An attacker can call a function that adds a large number of gauges to _gaugeList, causing getTotalWeight() to exceed the gas limit:
    // Example of an attack function that adds many gauges
    function attackAddGauges(uint256 numGauges) external {
        for (uint256 i = 0; i < numGauges; i++) {
            // Add new gauges (this could be done in an attack scenario)
            _gaugeList.push(address(new Gauge())); // Hypothetical new gauge
        }
    }
Implement a running total of weights to avoid looping over the entire array in getTotalWeight().
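The recommendation above, shown as an added example that is not the audited project's code: a registry that keeps `_totalWeight` in sync on every add, remove and weight change so that `getTotalWeight()` is O(1), with the loop-based version kept alongside only for comparison. The contract name `GaugeRegistry`, the `_gaugeWeight`, `_gaugeIndex` and `_isGauge` mappings, and the owner-only gating on mutations are assumptions made for illustration, not the real contract's interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. GaugeRegistry, the
// mappings below and the onlyOwner gating are assumptions for illustration.
contract GaugeRegistry {
    address public owner;

    address[] private _gaugeList;                    // registered gauges
    mapping(address => uint256) private _gaugeWeight; // weight per gauge
    mapping(address => uint256) private _gaugeIndex;  // position in _gaugeList
    mapping(address => bool) private _isGauge;

    // Running total of all gauge weights, updated on every mutation so
    // that reads never iterate _gaugeList.
    uint256 private _totalWeight;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Mutations are privileged, so an unprivileged caller cannot grow the
    // list; the running total moves together with the array.
    function addGauge(address gauge, uint256 weight) external onlyOwner {
        require(gauge != address(0) && !_isGauge[gauge], "bad gauge");
        _isGauge[gauge] = true;
        _gaugeIndex[gauge] = _gaugeList.length;
        _gaugeList.push(gauge);
        _gaugeWeight[gauge] = weight;
        _totalWeight += weight;
    }

    function setWeight(address gauge, uint256 newWeight) external onlyOwner {
        require(_isGauge[gauge], "unknown gauge");
        uint256 old = _gaugeWeight[gauge];
        _gaugeWeight[gauge] = newWeight;
        // Remove the old contribution, then add the new one. Solidity 0.8
        // checked arithmetic reverts if the running total would underflow.
        _totalWeight = _totalWeight - old + newWeight;
    }

    // Swap-and-pop removal; the removed gauge's weight leaves the total.
    function removeGauge(address gauge) external onlyOwner {
        require(_isGauge[gauge], "unknown gauge");
        uint256 idx = _gaugeIndex[gauge];
        uint256 last = _gaugeList.length - 1;
        if (idx != last) {
            address moved = _gaugeList[last];
            _gaugeList[idx] = moved;
            _gaugeIndex[moved] = idx;
        }
        _gaugeList.pop();
        _totalWeight -= _gaugeWeight[gauge];
        delete _gaugeWeight[gauge];
        delete _gaugeIndex[gauge];
        delete _isGauge[gauge];
    }

    // O(1): cost does not depend on how many gauges are registered.
    function getTotalWeight() external view returns (uint256) {
        return _totalWeight;
    }

    // The pattern the finding flags, kept for comparison only: gas grows
    // linearly with _gaugeList.length and can exceed the block gas limit.
    function getTotalWeightByLoop() external view returns (uint256 total) {
        for (uint256 i = 0; i < _gaugeList.length; i++) {
            total += _gaugeWeight[_gaugeList[i]];
        }
    }

    function gaugeCount() external view returns (uint256) {
        return _gaugeList.length;
    }
}
```

The two halves of the fix matter together: the running total removes the unbounded loop from the read path, and restricting who may append to `_gaugeList` removes the external actor's ability to grow it in the first place. Any remaining function that still walks the whole array (for example, an off-chain enumeration helper) should be treated as non-critical to on-chain flows.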
High – This issue can lead to a Denial of Service (DoS) attack, where transactions fail due to exceeding the block gas limit, impacting the availability of the contract's functionality.