Users deposit assets before they join an event; the deposit is recorded as 'staked assets'. When a user later tries to join an event, this staked balance is checked to ensure the user has deposited, and only then is the user's address pushed into the dynamic array 'usersAddress'.
The problem is that 'usersAddress' is unbounded and can grow indefinitely. Nothing deduplicates or caps the pushes, so an attacker can fill the array with thousands of different addresses, or push the same address many times over. When the owner later calls 'setWinner' to set the winning country, that function internally calls '_getWinnerShares', which iterates over the whole 'usersAddress' array. Once the array is large enough, the loop exceeds the block gas limit and the transaction reverts, so the owner can never set a winning team.
Likelihood:
Triggered whenever the owner tries to set the winning team after the attacker has grown 'usersAddress' past the point where iterating it exceeds the block gas limit. The attacker only needs to pass the staked-asset check and can grow the array across as many transactions as needed, so the cost is bounded only by gas.
Impact:
Direct DoS leading to stuck funds in the protocol: since the owner cannot set the winning country, nobody can claim funds.
The _getWinnerShares() function is intended to iterate through all users and sum their shares for the winning country, returning the total.
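The following Solidity sketch is an added illustration, not the project's code: it reconstructs the pattern described above (an unbounded 'usersAddress' array walked inside 'setWinner' via '_getWinnerShares') and places a hardened variant beside it. The hardened version keeps a running per-country total that is updated at join time, so 'setWinner' does O(1) work and no array is ever iterated; it also rejects duplicate joins. Contract names, the 'joinEvent'/'deposit' functions, the use of native ETH as the staked asset and the numeric country id are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reconstruction of the vulnerable pattern (not the audited code).
contract EventVulnerable {
    address public owner;
    address[] public usersAddress;                  // unbounded; grows on every join
    mapping(address => uint256) public stakedAssets;
    mapping(address => uint256) public pick;        // country id chosen per user
    uint256 public winningCountry;
    uint256 public winnerShares;

    constructor() { owner = msg.sender; }

    function deposit() external payable {
        stakedAssets[msg.sender] += msg.value;
    }

    function joinEvent(uint256 country) external {
        require(stakedAssets[msg.sender] > 0, "no stake");
        pick[msg.sender] = country;
        usersAddress.push(msg.sender);              // no dedupe, no cap: same address can be pushed repeatedly
    }

    // Sums the stakes of everyone who picked `country`.
    // Gas cost is linear in usersAddress.length, which the attacker controls.
    function _getWinnerShares(uint256 country) internal view returns (uint256 total) {
        for (uint256 i = 0; i < usersAddress.length; i++) {
            address u = usersAddress[i];
            if (pick[u] == country) total += stakedAssets[u];
        }
    }

    function setWinner(uint256 country) external {
        require(msg.sender == owner, "not owner");
        winningCountry = country;
        winnerShares = _getWinnerShares(country);   // reverts once the loop exceeds the block gas limit
    }
}

// Hardened variant: no per-user array, totals maintained incrementally.
contract EventHardened {
    address public owner;
    mapping(address => uint256) public stakedAssets;
    mapping(address => uint256) public pick;
    mapping(address => bool) public joined;
    mapping(uint256 => uint256) public sharesByCountry;  // running total per country
    uint256 public winningCountry;
    uint256 public winnerShares;

    constructor() { owner = msg.sender; }

    function deposit() external payable {
        stakedAssets[msg.sender] += msg.value;
        // Keep the aggregate consistent if the user already joined.
        if (joined[msg.sender]) sharesByCountry[pick[msg.sender]] += msg.value;
    }

    function joinEvent(uint256 country) external {
        require(stakedAssets[msg.sender] > 0, "no stake");
        require(!joined[msg.sender], "already joined");   // blocks the duplicate-address filler
        joined[msg.sender] = true;
        pick[msg.sender] = country;
        sharesByCountry[country] += stakedAssets[msg.sender];
    }

    // Constant gas regardless of how many users joined, so setWinner cannot be griefed
    // by inflating participant count.
    function setWinner(uint256 country) external {
        require(msg.sender == owner, "not owner");
        winningCountry = country;
        winnerShares = sharesByCountry[country];
    }
}
```

The point of the hardened version is structural: any value the owner needs at settlement time is accumulated when each user acts, so the cost of an attacker's joins is paid by the attacker in their own transactions rather than deferred onto the single owner call. If the array must be kept for other reasons, the same protection requires a hard cap on its length or a paginated settlement that processes a bounded slice per transaction.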