Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unbounded Manager List Causing Denial-of-Service Risk

0xluckyluke

Summary

The StabilityPool contract in the system contains an unbounded managerList dynamic array that grows without a cap when managers are added via the addManager function. This unbounded growth leads to a potential denial-of-service (DoS) risk, as view functions like getManagers() and state-changing functions like removeManager could exceed Ethereum’s block gas limit as the list size increases, rendering them uncallable.

Vulnerability Details

address[] public managerList;

function addManager(address manager, uint256 allocation) external onlyOwner validAmount(allocation) {

if (managers[manager]) revert ManagerAlreadyExists();

managers[manager] = true;

managerAllocation[manager] = allocation;

totalAllocation += allocation;

managerList.push(manager);

emit ManagerAdded(manager, allocation);

}

function getManagers() external view returns (address[] memory) {

return managerList;

}

function findManagerIndex(address manager) internal view returns (uint256) {

for (uint256 i = 0; i < managerList.length; i++) {

if (managerList[i] == manager) {

return i;

}

revert ManagerNotFound();

}

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/StabilityPool/StabilityPool.sol#L344-L351

Impact

If managerList grows too large, getManagers() becomes uncallable, preventing external systems or users from retrieving the list of managers, disrupting monitoring or management operations. This could affect reliance on the function for off-chain analytics or governance.
removeManager could also fail due to high gas costs, complicating the removal of managers and potentially locking the contract into an unusable state if the list becomes too large.
Malicious actors or unintentional overuse by the contract owner could exploit this to render critical functions unusable, impacting the stability and reliability of the StabilityPool.

Tools Used

Manual

Recommendations

Introduce a constant MAX_MANAGERS in the StabilityPool contract and enforce it in addManager:

uint256 constant MAX_MANAGERS = 100;

if (managerList.length >= MAX_MANAGERS) revert("Manager limit reached");

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.