Submission Details
Severity: medium
Invalid

Excessive Gas Consumption in Loops Over Beneficiaries

Summary

Functions like withdrawInheritedFunds and buyOutEstateNFT loop over the beneficiaries array, which can lead to excessive gas consumption if the array grows too large, potentially causing transaction failures or enabling denial-of-service (DoS) attacks.

Vulnerability Details

The withdrawInheritedFunds and buyOutEstateNFT functions iterate over the beneficiaries array to distribute funds or handle NFT buyouts.

There is no upper limit on the size of the beneficiaries array, meaning it can grow arbitrarily large if the owner adds many beneficiaries via addBeneficiery.

Each iteration in the loop consumes gas (e.g., for storage access, transfers, and calculations). If the total gas needed to iterate over the array exceeds the block gas limit (e.g., millions of gas), the transaction will fail.

Impact

Transactions calling withdrawInheritedFunds or buyOutEstateNFT may fail due to exceeding the block gas limit, preventing beneficiaries from accessing their funds.

Tools Used

Manual code review.

Recommendations

Cap the Number of Beneficiaries

or

Switch to a Pull Pattern for Withdrawals

or

Use a Mapping Instead of an Array
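
The three recommendations combined in one contract, as an added example that is not the audited project's code. Only the names addBeneficiery and withdrawInheritedFunds come from the finding; the contract name, MAX_BENEFICIARIES and its value, triggerInheritance and the state variables are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. Hypothetical names throughout,
// except addBeneficiery and withdrawInheritedFunds, which the finding mentions.
contract BoundedPullInheritance {
    uint256 public constant MAX_BENEFICIARIES = 32; // assumed cap, tune per design

    address public immutable owner;
    bool public isInherited;            // set once inheritance is triggered
    uint256 public beneficiaryCount;
    uint256 public sharePerBeneficiary; // fixed at trigger time
    mapping(address => bool) public isBeneficiary; // mapping instead of array
    mapping(address => bool) public hasClaimed;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() payable { owner = msg.sender; }

    // Deposits are only accepted before shares are fixed.
    receive() external payable { require(!isInherited, "already inherited"); }

    function addBeneficiery(address who) external onlyOwner {
        require(!isInherited, "already inherited");
        require(who != address(0) && !isBeneficiary[who], "invalid or duplicate");
        require(beneficiaryCount < MAX_BENEFICIARIES, "cap reached");
        isBeneficiary[who] = true;
        beneficiaryCount += 1;
    }

    // Stand-in for the project's inheritance trigger (any timelock is omitted).
    function triggerInheritance() external onlyOwner {
        require(!isInherited && beneficiaryCount > 0, "bad state");
        isInherited = true;
        sharePerBeneficiary = address(this).balance / beneficiaryCount;
    }

    // Pull pattern: each caller withdraws only their own share, so gas cost
    // is constant and one failing recipient cannot block the others.
    function withdrawInheritedFunds() external {
        require(isInherited && isBeneficiary[msg.sender], "not eligible");
        require(!hasClaimed[msg.sender], "already claimed");
        hasClaimed[msg.sender] = true; // state change before the external call
        (bool ok, ) = msg.sender.call{value: sharePerBeneficiary}("");
        require(ok, "transfer failed");
    }
}
```

With the pull pattern no function loops over beneficiaries, so the cap matters mainly for any remaining function that still has to iterate.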

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
