BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Title: Duplicate and Unremoved Participants Increase Gas Cost and Iteration Complexity

shalinshah130

Title: Duplicate and Unremoved Participants Increase Gas Cost and Iteration Complexity

  • Impact: usersAddress may contain duplicates and never shrinks when users cancel, increasing gas cost for finalization loops and making on‑chain iteration unreliable.

  • Evidence: joinEvent appends without checking hasJoined; cancelParticipation does not remove entries.

  • Recommendation (formal mitigation):

    1. Maintain a mapping(address => bool) hasJoined to prevent duplicate appends.

    2. Implement participant removal using swap-and-pop in cancelParticipation and clear hasJoined flag.

    3. Consider bounded data structures or off‑chain aggregation for large participant sets; if iteration on-chain is unavoidable, document participant limits and gas implications.

Example removal pattern:

function _removeParticipant(address user) internal {
if (!hasJoined[user]) return;
uint256 index = participantIndex[user];
uint256 last = usersAddress.length - 1;
address lastUser = usersAddress[last];
usersAddress[index] = lastUser;
participantIndex[lastUser] = index;
usersAddress.pop();
delete participantIndex[user];
hasJoined[user] = false;
}
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Duplicate registration through `joinEvent`

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!