Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

SPYBOY - Possible DOS in getPositionIdsByOwner() function because of unbounded gas consumption #95

Closed
github-actions bot opened this issue Mar 1, 2023 · 0 comments
Closed

SPYBOY - Possible DOS in getPositionIdsByOwner() function because of unbounded gas consumption #95

github-actions bot opened this issue Mar 1, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout

Comments

@github-actions
Copy link

github-actions bot commented Mar 1, 2023
edited
Loading

SPYBOY

medium

Possible DOS in getPositionIdsByOwner() function because of unbounded gas consumption

Summary

In the BlueBerryBank.sol contract getPositionIdsByOwner function is declared which returns the position ids of the position owner. We can only get this list of ids from the getPositionIdsByOwner view function. There is no option to remove this ids from this array. for loop inside getPositionIdsByOwner() will be running for each position until it finds positions[i].owner == owner . Every time this calculation is gas-consuming.

Vulnerability Detail

Impact

This function fetched all elements of the list from storage, which is really gas-consuming and even can break the block gas limit in case the list is too large. Even though users don’t need to pay gas for the view function, this function is still failed if its gas cost larger than the block gas limit.

Related sherlock report : sherlock-audit/2022-10-union-finance-judging#69

Code Snippet

https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L315-L333

function getPositionIdsByOwner(address owner)
        external
        view
        returns (uint256[] memory ids)
    {
        uint256[] memory matchingIds = new uint256[](nextPositionId);
        uint256 index;
        for (uint256 i = 0; i < nextPositionId; i++) {
            if (positions[i].owner == owner) {
                matchingIds[index] = i;
                index++;
            }
        }

        ids = new uint256[](index);
        for (uint256 i = 0; i < index; i++) {
            ids[i] = matchingIds[i];
        }
    }

Tool used

Manual Review

Recommendation

The function getPositionIdsByOwner should return an array in range or should iterate in range

function getPositionIdsByOwner(address owner, unit range) external view returns (uint256[] memory ids)
{
......
}

Duplicate of #77
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue labels Mar 1, 2023
@github-actions github-actions bot closed this as completed Mar 1, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue labels Mar 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin