An unbounded loop is a loop that iterates over an array or mapping without a fixed limit, potentially leading to gas exhaustion or denial of service (DoS) if the input data is too large.
_obtain_price_params() Is Vulnerable

If _obtain_price_params() contains a loop that iterates over an arbitrary-length array, an attacker can exploit it by passing an extremely large dataset, causing the function to exceed the gas limit and revert.

    function _obtain_price_params() internal view returns (PriceParameters memory) {
        PriceParameters memory params;
        for (uint256 i = 0; i < priceData.length; i++) {
            params = process(priceData[i]); // Processing each price data entry
        }
        return params;
    }

An attacker fills priceData with a large number of elements (e.g., 1 million entries).
When _obtain_price_params() is called, the loop tries to iterate over all elements.
The function exceeds the block gas limit, causing it to revert and preventing execution.
This can be used as a DoS attack to block legitimate users from executing transactions.
Limit the maximum number of iterations using a reasonable cap.

    uint256 constant MAX_ITERATIONS = 100;

    function _obtain_price_params() internal view returns (PriceParameters memory) {
        PriceParameters memory params;
        uint256 length = priceData.length > MAX_ITERATIONS ? MAX_ITERATIONS : priceData.length;
        for (uint256 i = 0; i < length; i++) {
            params = process(priceData[i]);
        }
        return params;
    }
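
A variant of the cap above, as an added example that is not code from this submission or from the audited project: it enforces the bound where the array grows, so reads stay bounded without skipping entries past the cap. The contract name, the uint256 element type, pushPrice, the sum/count fields and the range function are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; names and types are assumptions.
contract BoundedPriceFeed {
    struct PriceParameters {
        uint256 sum;   // assumed aggregate, stands in for process()
        uint256 count;
    }

    uint256 public constant MAX_ENTRIES = 100; // same value as MAX_ITERATIONS above
    uint256[] private priceData;

    error PriceDataFull();
    error BadRange();

    // Enforce the bound at write time: once the array cannot exceed
    // MAX_ENTRIES, every loop over it has a known worst-case gas cost.
    // A real contract would also restrict who may call this.
    function pushPrice(uint256 price) external {
        if (priceData.length >= MAX_ENTRIES) revert PriceDataFull();
        priceData.push(price);
    }

    // Full read: bounded because length <= MAX_ENTRIES by construction.
    function obtainPriceParams() external view returns (PriceParameters memory) {
        return _accumulate(0, priceData.length);
    }

    // Range read: the caller picks the window, the contract caps its size
    // and rejects out-of-bounds or inverted ranges instead of truncating.
    function obtainPriceParamsRange(uint256 start, uint256 end)
        external view returns (PriceParameters memory)
    {
        if (start > end || end > priceData.length || end - start > MAX_ENTRIES) {
            revert BadRange();
        }
        return _accumulate(start, end);
    }

    function _accumulate(uint256 start, uint256 end)
        private view returns (PriceParameters memory params)
    {
        for (uint256 i = start; i < end; ++i) {
            params.sum += priceData[i];
            params.count += 1;
        }
    }
}
```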