Upgraded Q -> M from 264 [1659038303960] #276
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
upgraded by judge
Judge has assessed an item in Issue #264 as Medium risk. The relevant finding follows:
[L-05] Unbounded loop on array can lead to DoS
As these arrays can grow quite large (only push operations, no pop), the transaction's gas cost could exceed the block gas limit and make it impossible to call the impacted functions at all.
contracts/BaseRewardPool.sol:
126: extraRewards.push(_reward);
176: for (uint256 i = 0; i < extraRewards.length; i++) {
199: for (uint256 i = 0; i < extraRewards.length; i++) {
218: for (uint256 i = 0; i < extraRewards.length; i++) {
245: for (uint256 i = 0; i < extraRewards.length; i++) {
282: for (uint256 i = 0; i < extraRewards.length; i++) {
contracts/Booster.sol:
282: poolInfo.push(
329: for (uint256 i = 0; i < poolInfo.length; i++) {
contracts/RewardFactory.sol:
49: for (uint256 i = 0; i < length; i++) {
52: activeList.push(pid);
66: for (uint256 i = 0; i < length; i++) {
71: activeList.pop();
contracts/VE3DLocker.sol:
123: epochs.push(Epoch({supply: 0, date: uint32(currentEpoch)}));
156: rewardTokens.push(_rewardsToken);
207: for (uint256 i; i < rewardTokens.length; i++) {
286: for (uint256 i = 0; i < userRewards.length; i++) {
457: for (uint256 i = nextUnlockIndex; i < locks.length; i++) {
500: epochs.push(Epoch({supply: 0, date: uint32(nextEpochDate)}));
546: userLocks[_account].push(
579: userLocks[_account].push(
640: for (uint256 i = nextUnlockIndex; i < length; i++) {
720: for (uint256 i; i < rewardTokens.length; i++) {
803: for (uint256 i = 0; i < rewardTokens.length; i++) {
contracts/VE3DRewardPool.sol:
138: extraRewards.push(_reward);
148: for (uint256 i = 0; i < rewardTokens.length(); i++) {
214: for (uint256 i = 0; i < length; i++) {
238: for (uint256 i = 0; i < length; i++) {
257: for (uint256 i = 0; i < length; i++) {
281: for (uint256 i = 0; i < rewardTokens.length(); i++) {
326: for (uint256 i = 0; i < length; i++) {
Consider introducing a reasonable upper limit based on block gas limits and adding a method to remove elements in the array.
The text was updated successfully, but these errors were encountered: