Submission Details
Severity:
Unbounded gauge list growth can lead to DOS in critical functions
Description
The GaugeController contract maintains an array of all gauges (_gaugeList) that grows without bounds and is traversed in critical functions:
function addGauge(address gauge, GaugeType gaugeType, uint256 initialWeight) external {
// No mechanism to remove gauges
_gaugeList.push(gauge);
}
function getTotalWeight() public view returns (uint256) {
// Iterates through entire array
for (uint256 i = 0; i < _gaugeList.length; i++) {
if (gauges[_gaugeList[i]].isActive) {
total += gauges[_gaugeList[i]].weight;
}
}
}
This design has two critical issues:
getTotalWeight()is called in core functions like reward distributionAs more gauges are added, gas costs increase linearly
Could reach block gas limit making functions inoperable
Recommendation
Maintain a running total instead of looping:
uint256 public totalWeight;
function addGauge(...) {
_gaugeList.push(gauge);
if(initialWeight > 0) {
totalWeight += initialWeight;
}
}
function getTotalWeight() public view returns (uint256) {
return totalWeight;
}
Or implement gauge removal and cleanup:
function removeGauge(address gauge) external {
// Remove from array and reorganize
// Update weights
}
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.