The `_getWinnerShares` function uses an unbounded for loop which can cause denial of service.
The _getWinnerShares function uses an unbounded for loop which can cause denial of service.
Description
-
The
_getWinnerSharesfunction uses an unbounded loop, this can hit a gas limit for a transaction when the length ofusersAddressis too large considering that the array can contain duplicates. Since the_getWinnerSharesinternal function is called by thesetWinnerfunction for the admin to set the winner, this can cause denial of service.function _getWinnerShares() internal returns (uint256) {for (uint256 i = 0; i < usersAddress.length; ++i) {address user = usersAddress[i];totalWinnerShares += userSharesToCountry[user][winnerCountryId];}return totalWinnerShares;}
Risk
Likelihood:
This happens when the usersAddress array is too large.
Impact:
Causes denial of service
Recommended Mitigation
Bound the loop to a maximum number to avoid reverts in case the array is long.
Appeal created
Unbounded Loop in _getWinnerShares Causes Denial of Service
The _getWinnerShares() function is intended to iterate through all users and sum their shares for the winning country, returning the total.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.