DoS via large NFT arrays
Summary
Loops in withdrawNFT() and finalizeLiquidation() can gas out with large arrays of NFTs, potentially leading to a denial of service.
Vulnerability Details
The withdrawNFT() function iterates over user.nftTokenIds, which could exceed gas limits if the array is large. Similarly, finalizeLiquidation() could face the same issue, causing transaction failures and preventing users from withdrawing their NFTs.
Impact
Large NFT arrays can cause transactions to fail due to gas limits, effectively denying service to users and potentially locking their assets in the protocol.
Tools Used
Manual review
Lead Judging Commences
LendingPool: Unbounded NFT array iteration in collateral valuation functions creates DoS risk, potentially blocking liquidations and critical operations
LightChaser L-36 and M-02 covers it.
LendingPool: Unbounded NFT array iteration in collateral valuation functions creates DoS risk, potentially blocking liquidations and critical operations
LightChaser L-36 and M-02 covers it.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.