Submission Details
Impact:
Likelihood:
Inefficient Linear Iteration in getUserMemorabiliaDetailed
Root + Impact
Description
-
The
getUserMemorabiliaDetailedfunction iterates through all collections and all possible item IDs to determine which memorabilia tokens a user owns. This is highly inefficient on-chain and will cause gas costs to explode as collections grow. -
This could exceed gas limits and break frontends or dApps querying this function.
for (uint256 cId = 1; cId < nextCollectionId; cId++) {
for (uint256 iId = 1; iId < collections[cId].currentItemId; iId++) {
if (balanceOf(user, tokenId) > 0) {
Risk
Likelihood
Increases over time with user adoption.
Certain queries may revert due to block gas limits.
Impact
Function becomes unusable for real users.
UIs break, analytics unavailable.Proof of Concept
// User has many tokens spread across collections
// Function fails due to excessive gas usage
festivalPass.getUserMemorabiliaDetailed(user); // reverts
Recommended Mitigation
- // do not loop over all tokens
+ // emit event when minting
emit MemorabiliaRedeemed(msg.sender, tokenId, collectionId, itemId);
#Allow overpayment and refund the difference.
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.