Submission Details
Impact:
Likelihood:
Contract DOS
Unbounded Loop in `briVault::_getWinnerShares` Can Lead to Contract DoS
Description
The `briVault::_getWinnerShares` function an unbounded loop that iterates over all participants stored in `briVault::usersAddress` array. This function is called during winner selection and calculates total shares for the winning team. The loop performs storage operations in each iteration, which is gas-intensive. If there are huge numbers of participants, the gas cost increases linearly. Which lead to exceeding the block gas limit.
// Root cause in the codebase with @> marks to highlight the relevant section totalWinnerShares += userSharesToCountry[user][winnerCountryId];
Risk
Likelihood:
-
Reason 1 When participents ar too many
-
Reason 2
Impact:
-
Impact 1 Cause the whole protocol led to DoS
-
Impact 2
Proof of Concept
Recommended Mitigation
- remove this code
+ add this codeUse a ` mapping(uint256 => uint256) public sharesPerCountry;` to track shares per country and use `sharesPerCountry[countryId] += participantShares;` in `briVault::joinEvent` to update immediately and then return in `briVault::setWinner`.
Rewards breakdown
nSLOC
193This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.