Hawk High

First Flight #39
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Denial of Service on removeTeacher / expel function

Summary

Both functions iterate through dynamic arrays (listOfTeachers and listOfStudents) to locate and remove specific entries. As these arrays grow, the gas required for iteration increases, potentially exceeding the block gas limit and causing transaction failures.

Vulnerability Details

Unbounded Loops: The functions use for loops to traverse arrays without limiting the number of iterations. These patterns are susceptible to gas limit vulnerabilities: if a function in a smart contract requires more gas than the block gas limit to complete its execution, the transaction will fail.

    // removeTeacher: linear scan of listOfTeachers, then swap-and-pop
    for (uint256 n = 0; n < teacherLength; n++) {
        if (listOfTeachers[n] == _teacher) {
            listOfTeachers[n] = listOfTeachers[teacherLength - 1];
            listOfTeachers.pop();
            break;
        }
    }

    // expel: linear scan of listOfStudents, then swap-and-pop
    for (uint256 n = 0; n < studentLength; n++) {
        if (listOfStudents[n] == _student) {
            listOfStudents[n] = listOfStudents[studentLength - 1];
            listOfStudents.pop();
            break;
        }
    }

Impact

  1. Functionality Loss: Essential administrative actions like removing teachers or expelling students could become impossible, disrupting contract operations.

Tools Used

Manual code review

Recommendations

  1. Use Mappings Instead of Arrays: Replace dynamic arrays with mappings for tracking teachers and students. Mappings offer constant-time access and are not susceptible to iteration-based gas issues.

  2. Implement Index Tracking: If arrays are necessary, maintain a separate mapping to track each address's index in the array, enabling direct access and removal without iteration.
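A sketch of recommendation 2 for the teacher list, added here as an example and not taken from the Hawk High code base. The contract name TeacherRegistry, the mapping teacherSlot, the custom errors and the helper functions are hypothetical, and access control is left out and would have to be carried over from the real contract. Removal cost no longer depends on the array length because the position is looked up instead of searched for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical names, access control intentionally omitted.
contract TeacherRegistry {
    address[] private listOfTeachers;

    // 1-based position of each teacher in listOfTeachers; 0 means "not listed".
    // Storing index + 1 lets the default mapping value double as the membership flag.
    mapping(address => uint256) private teacherSlot;

    error AlreadyTeacher(address teacher);
    error NotTeacher(address teacher);

    function addTeacher(address _teacher) external {
        if (teacherSlot[_teacher] != 0) revert AlreadyTeacher(_teacher);
        listOfTeachers.push(_teacher);
        teacherSlot[_teacher] = listOfTeachers.length;
    }

    function removeTeacher(address _teacher) external {
        uint256 slot = teacherSlot[_teacher];
        if (slot == 0) revert NotTeacher(_teacher);

        uint256 lastSlot = listOfTeachers.length;
        if (slot != lastSlot) {
            // Swap-and-pop as in the original loop, but the moved entry's
            // recorded position must be updated or later removals break.
            address moved = listOfTeachers[lastSlot - 1];
            listOfTeachers[slot - 1] = moved;
            teacherSlot[moved] = slot;
        }
        listOfTeachers.pop();
        delete teacherSlot[_teacher];
    }

    function isTeacher(address _teacher) external view returns (bool) {
        return teacherSlot[_teacher] != 0;
    }

    function teacherCount() external view returns (uint256) {
        return listOfTeachers.length;
    }
}
```

The same pattern applies to listOfStudents in expel.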

Updates

Lead Judging Commences

yeahchibyke Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
