Hawk High

First Flight #39
Beginner Friendly, Solidity
Impact: medium
Likelihood: medium
Invalid

[M-01] When the Number of Students Is Too Large, Calling `expel` by the Principal May Lead to a DOS Attack

Summary

When the number of students is excessively large, a call to `expel` by the principal may result in a DOS (Denial of Service) attack.

Vulnerability Details

To find a specific student, `expel` iterates through the entire `listOfStudents` array. When the number of students becomes too large, this may lead to a DOS attack.

Since the system could be used by dozens or even hundreds of schools, each with thousands of students, a DOS attack is a real possibility!

```solidity
for (uint256 n = 0; n < studentLength; n++) {
    if (listOfStudents[n] == _student) {
        listOfStudents[n] = listOfStudents[studentLength - 1];
        listOfStudents.pop();
        break;
    }
}
```

Impact

  1. Expelling a student will incur a large amount of gas.

  2. Due to the large number of students, this could potentially lead to a DOS attack.

POC

Not written.

Recommendations

  1. It is recommended to use a mapping to retrieve the specific student!
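A sketch of the mapping-based lookup recommended above, added here as an illustration and not taken from the Hawk High code base. Only `listOfStudents`, `_student` and `expel` come from the report; the contract name, `indexPlusOne`, `enroll`, `principal` and the custom errors are hypothetical. Removal keeps the same swap-and-pop as the loop, but finds the slot in constant gas.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. Names other than
// listOfStudents, _student and expel are hypothetical.
contract StudentRegistry {
    address[] public listOfStudents;
    // 1-based position of each student in listOfStudents; 0 means "not enrolled".
    mapping(address => uint256) private indexPlusOne;
    address public immutable principal;

    error NotPrincipal();
    error AlreadyEnrolled();
    error NotEnrolled();

    constructor() {
        principal = msg.sender;
    }

    modifier onlyPrincipal() {
        if (msg.sender != principal) revert NotPrincipal();
        _;
    }

    function enroll(address _student) external onlyPrincipal {
        if (indexPlusOne[_student] != 0) revert AlreadyEnrolled();
        listOfStudents.push(_student);
        indexPlusOne[_student] = listOfStudents.length; // position after push
    }

    function expel(address _student) external onlyPrincipal {
        uint256 pos = indexPlusOne[_student];
        if (pos == 0) revert NotEnrolled();
        uint256 lastPos = listOfStudents.length;
        if (pos != lastPos) {
            // Move the last student into the vacated slot and fix its index.
            address moved = listOfStudents[lastPos - 1];
            listOfStudents[pos - 1] = moved;
            indexPlusOne[moved] = pos;
        }
        listOfStudents.pop();
        delete indexPlusOne[_student];
    }
}
```

The index must be updated for the moved element as well as deleted for the expelled one; forgetting the former leaves a stale position that corrupts later removals.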

Updates

Lead Judging Commences

yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Appeal created

0x996 Submitter
6 months ago
yeahchibyke Lead Judge
6 months ago
yeahchibyke Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
