The `createMemorabiliaCollection()` function does not validate the length of `name` and `baseUri` string parameters. Extremely long strings could cause gas issues during storage and retrieval operations.
```solidity
function createMemorabiliaCollection(
    string memory name,
    string memory baseUri,
    uint256 priceInBeat,
    uint256 maxSupply,
    bool activateNow
) external onlyOrganizer returns (uint256) {
    require(bytes(name).length > 0, "Name required"); // @> No maximum length check
    require(bytes(baseUri).length > 0, "URI required"); // @> No maximum length check
    // ...
}
```
Likelihood:
* Organizer can set any string length
* Accidental or malicious use of extremely long strings
* Storage operations become expensive
Impact:
* High gas costs for storing and reading long strings
* Potential DoS if strings are extremely long
* Poor user experience
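A bounded version of the function, as an added example that is not the project's code: the contract name, the 64 and 256 byte caps, the `StringTooLong` error, the `Collection` struct and the storage layout are all assumptions chosen for illustration. It also takes the strings as `calldata` instead of `memory`, so an oversized argument is rejected before it is copied.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: names, limits and storage layout are assumptions, not the audited contract.
contract BoundedMemorabilia {
    // Caps are in bytes: bytes(s).length counts UTF-8 bytes, not characters.
    uint256 public constant MAX_NAME_LENGTH = 64;  // assumed cap
    uint256 public constant MAX_URI_LENGTH = 256;  // assumed cap

    error StringTooLong(string field, uint256 length, uint256 max);

    struct Collection {
        string name;
        string baseUri;
        uint256 priceInBeat;
        uint256 maxSupply;
        bool isActive;
    }

    address public immutable organizer;
    uint256 public nextCollectionId = 1;
    mapping(uint256 => Collection) public collections;

    constructor() { organizer = msg.sender; }

    modifier onlyOrganizer() {
        require(msg.sender == organizer, "Only organizer");
        _;
    }

    function createMemorabiliaCollection(
        string calldata name,
        string calldata baseUri,
        uint256 priceInBeat,
        uint256 maxSupply,
        bool activateNow
    ) external onlyOrganizer returns (uint256 id) {
        // Validate both bounds before any storage write, so a rejected call costs little gas.
        _checkLength("name", bytes(name).length, MAX_NAME_LENGTH);
        _checkLength("baseUri", bytes(baseUri).length, MAX_URI_LENGTH);
        id = nextCollectionId++;
        collections[id] = Collection(name, baseUri, priceInBeat, maxSupply, activateNow);
    }

    // Rejects empty strings (as the original does) and strings above the cap.
    function _checkLength(string memory field, uint256 len, uint256 max) private pure {
        require(len > 0, "Empty string");
        if (len > max) revert StringTooLong(field, len, max);
    }
}
```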