Submission Details
Impact:
Likelihood:
[M-5] Inefficient loop usage in mintSnowman() can cause gas fees exceeding block gas limit
[M-5] Inefficient loop usage in mintSnowman() can cause gas fees exceeding block gas limit
Description
-
The
mintSnowman()function uses a for loop to mint the NFTs -
Due to the unbound loop the execution is very gas costly and can exceed the block gas limit
function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
@> emit SnowmanMinted(receiver, s_TokenCounter);
@> s_TokenCounter++;
}
}
Risk
Likelihood:
Whenever a very high value for
amountis passed while callingmintSnowman()
Impact:
-
The execution may exceed block gas limit
-
Function will revert
Proof of Concept
Add the following test case to the test suite of snowman:
function test_gasInefficiency() public {
uint256 start = gasleft();
nft.mintSnowman(alice, 1);
uint256 lessFee = start - gasleft();
start = gasleft();
nft.mintSnowman(alice, 1000);
uint256 moreFee = start - gasleft();
assert(lessFee < moreFee);
}
Recommended Mitigation
- for (uint256 i = 0; i < amount; i++) {
- _safeMint(receiver, s_TokenCounter);
- emit SnowmanMinted(receiver, s_TokenCounter);
- s_TokenCounter++;
- }
+ for (uint256 i = 0; i < amount; i++) {
+ _safeMint(receiver, s_TokenCounter + i);
+ }
+ s_TokenCounter = s_TokenOwner + amount;
+ emit SnowmanMinted(receiver, s_TokenCounter);
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.