Suboptimal Array Sizing in `_distributeToGauges`
Summary
The _distributeToGauges function allocates a fixed-size array matching _gaugeList.length, regardless of how many gauges are actually active. This implementation creates unnecessary memory overhead when working with partially active gauge lists.
Vulnerability Details
The current implementation pre-allocates memory for all possible gauges:
This approach reserves memory space for every gauge in _gaugeList, even though only active gauges require storage. When dealing with lists containing numerous inactive gauges, this creates unnecessary memory bloat.
Impact
Excessive gas consumption from over-allocation of memory
Inefficient resource utilization, particularly noticeable in scenarios with a low ratio of active to total gauges
Tools Used
Manual code review
Recommendations
Implement dynamic array allocation to store only active gauge weights:
Consider using a mapping structure to eliminate excess memory allocation
This revised approach using push() ensures memory allocation aligns with the actual number of active gauges, leading to improved gas efficiency and better resource management.
Lead Judging Commences
GaugeController._distributeToGauges iterates twice over unbounded gauges list without error handling, causing DoS risk from out-of-gas or single gauge revert
GaugeController._distributeToGauges iterates twice over unbounded gauges list without error handling, causing DoS risk from out-of-gas or single gauge revert
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.